Shortly after the Boston Marathon bombing occurred, cybercriminals began spreading malware through email. The emails included a link that claimed to have video footage of Monday's explosion.
According to a post shared by Sophos' Graham Cluley
on Google+, subject lines included titles such as "2 Explosions at Boston Marathon", " Aftermath to explosion at Boston Marathon", "Boston Explosion Caught on Video" and "Video of Explosion at the Boston Marathon 2013".
"If you make the mistake of clicking on the link, however, you are taken to a website which - while showing you genuine YouTube videos of the horrific incident - attempts to infect your computer with a Windows Trojan horse that Sophos products detect as Troj/Tepfer-Q," Cluley writes on Sophos' blog
If the files are installed, the malware makes changes to the computer's registry that allows the hackers to gain remote access to the affected computers.
While the current malware is being sent via email, it would not be surprising if something similar surfaced on Facebook and other social media sites. Sadly, cybercriminals are quick to prey on people after a tragedy. After the bombing and shooting
occurred in Norway in 2011, scammers quickly took to Facebook. These types of scams are not uncommon.
Anytime news comes in email or on social media promoting links to videos, it is always a good idea to verify with legitimate news outlets. In this case the videos embedded on the infected websites are genuine and do not lead to survey scam sites like previous ones have done. If the clip is legit, it will be reported elsewhere most of the time and it's better to seek news from known legitimate websites, not random URLs.