Warning! Hackers are exploiting Texas explosion news to spread malware

Graham Cluley
Graham Cluley @

 @grahamcluley.com
 @[email protected]

Once again, cybercriminals are leaping at the opportunity to take advantage of breaking news stories to spread malware.

The latest example, coming just days after malware authors exploited interest in the Boston Marathon bombings, concerns the fatal explosion in the small community of West, Texas, of a fertiliser plant.

Here’s an example of one of the malicious emails intercepted by SophosLabs, with the subject line “CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas”.

Malicious email

Other messages have been seen using the subject line “Raw: Texas Explosion Injures Dozens”.

Sign up to our free newsletter.
Security news, advice, and tips.

Clicking on the link contained inside the emails takes unsuspecting computer users to a webpage that contains a series of embedded YouTube videos.

Video website designed to infect visiting computers

Harmless enough, you might think. However, the webpage also contains a 640×360 pixel iFrame, that attempts to suck in malicious content from another site, designed to infect your computer. The attack uses the Redkit exploit kit to take advantage of vulnerabilities on visiting PCs in order to infect them with malware.

The Redkit exploit kit uses a PHP shell hosted on compromised websites to run its operations.

Firstly, Redkit bounces first level redirects to the next compromised server, and then malicious content delivering PDF or JAR (Java Archive) exploits are served up from a command & control server.

Sophos protects against the attack, detecting the injected malicious iFrames as Troj/ExpJS-II and Troj/Iframe-JG.

It seems clear that whoever is behind this malware attack was also being the attempt to infect computers with malware using the disguise of a news story about the Boston bombing earlier this week.

The criminals behind this attack couldn’t care less that innocent people have died in Texas and Boston. Their only interest is making money by exploiting the computers of news-hungry internet users.

Don’t make life easy for malicious hackers – and always go to legitimate news outlets for breaking news rather than rely upon unsolicited emails.

Thanks to SophosLabs researchers Paul Baccas and Fraser Howard, and reader Nick Burns, for their assistance with this article.

Graham Cluley
Graham Cluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

You may also like...

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.