Announcement of 17. April 2013

Boston Marathon bombing being exploited by spammers

G Data is currently observing a huge wave of spam luring recipients to malware sites

While the devastating bombing at the Boston Marathon has caused grief and horror around the world, cyber criminals have exploited the attack as an opportunity for a huge wave of spam. G Data Security Labs is currently observing a massive rise in email with links to videos of the explosion. But besides YouTube videos, there is also blackmail malware hidden on the website. This blocks the infected computer and claims it will be released again on payment of a "ransom". The computer is also exploited as a spam spray-gun to send more email. In a second variant, passwords are stolen and all network traffic is read to spy on the user. G Data advises recipients of such emails to delete the message without reading it and not to click on the link contained in it under any circumstances.


Many people use the Internet as the first port of call for current news and background information, and videos are very popular with users when doing so. If an email recipient clicks on the link contained in the email, he will be taken to a primed site containing five different YouTube videos.

But besides the five films, the perpetrators have incorporated a Java applet on the website that has been primed to exploit a specific Java vulnerability on computers. If the Java variant installed on the computer is older than version 7 update 11, blackmail malware is installed on the computer with the aid of an exploit, and the infected PC is exploited to send more email.

In a second variant, the perpetrators also steal passwords that have been stored in the Firefox browser, e.g. for online shops, email inboxes or social networks, and read all unencrypted network traffic. This enables the criminals to spy closely on users.

Spam email with alleged video of the Boston bombing

G Data security tips for recipients of the spam emails

  • Delete without opening: Spam email received should be deleted without being read. Email attachments or links in messages should not be clicked on for security reasons.
  • Install security software: Users should install an effective security solution that includes virus protection, a spam filter, HTTP filter and real-time protection.
  • Install updates: Users should always install all available patches and updates for the installed operating system and programs, to keep the PC fully up to date at all times.
Announcement of 17. April 2013


G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49-234-9762-239

Kathrin Beckert-Plewka
Public Relations Manager
Phone: +49 (0) 234 - 9762 507

Christian Lueg
Public Relations Manager
Phone: +49 (0) 234 - 9762 160

Dominik Neugebauer
Public Relations Manager
Phone: +49 (0) 234 - 9762 610