Ukrainian spammers send malware in emails disguised as Boston Marathon news story alert

Ukrainian cybercriminals this week sprang at the opportunity to exploit the recent tragedy in Boston that killed three and injured more than 100 people.

In emails disguised as news alerts, spammers from Ukraine and Latvia sent malicious software, commonly known as malware. The emails claimed to contain a link to video footage of the two explosions that occurred at the Boston Marathon on April 15, Naked Security, a news website supported by the internet security company Sophos, reported.

The company’s security products detected a Windows Trojan horse in the messages that infected recipients’ computers after they clicked the provided link, the report said. If installed, the malware makes changes to the registry and installs files that allow hackers to gain remote access to the infected computers.

The emails sent by the
cybercriminals included the subject lines “2 Explosions at Boston Marathon,”
“Aftermath to explosion at Boston marathon,” “Boston Explosion Caught on Video”
and “Video of Explosion at the Boston Marathon 2013.”

A screenshot posted on the Naked Security website shows an email sent indiscriminately to recipients this week with a link that infects computers with malicious software when clicked.

The spamming incident comes nearly a
month after the arrests of those involved in a cybercrime ring based in Ukraine
that stole more than a quarter million dollars from accounts around the world.

The Security Service of Ukraine,
known by the acronym SBU, in a joint investigation with Russia’s Federal
Security Service in March arrested members of a criminal hacker group that stole
some $250 million from the accounts of domestic and foreign financial
institutions, according to a statement posted on the Security Service of
Ukraine website on April 9. The investigation was backed by the Kyiv Prosecutor’s
Office and UniCredit-Ukrsotsbank.

The cybercrime ring, composed of 20 individuals between the ages of 25 and 30, including 16 Ukrainians, used the internet and self-developed malicious software, known as malware, to steal money from account holders at a number of Ukrainian and Russian banks.

Members of the
group were separately responsible for developing specific parts of the malware
and worked independently in such cities as Kyiv,
Zaporozhye, Lviv and Kherson. Then the parts were sent to the server of the
group’s kingpin, an unidentified 28-year-old Russian national, residing in
Odesa, where the final product was assembled.

Authorities
arrested members of the group in their respective cities on March 19 and
confiscated the hi-tech equipment used in the crimes.

The group’s malware was specifically designed to steal the banking
credentials of businesses, their logins, passwords and data from the popular
Russian accounting software 1C.

One of the investigators involved in the case told Kommersant newspaper
that after the group obtained the information of a business it would study it
for days or weeks before issuing fake payments from the victim businesses to
its shell companies.

A criminal case has been opened against the cybercrime ring on the charges
of unauthorized interference in the work of computers, automated systems and
computer and telecommunication networks, offenses punishable by up to six years
in prison.

Kyiv Post staff writer Christopher J. Miller can be reached at [email protected], or on Twitter at @ChristopherJM.