If you've received an email about the Boston bombings, do not click on the link.
A spam-monitoring lab at the University of Alabama at Birmingham says a new malware campaign targeting Windows computers is sending out an "unprecedented" amount of spam emails. If users open the email and click on the link inside, the malware will infect their computers.
“The volumes are just astronomical,” said Gary Warner, a cyber researcher with UAB's Computer Research Forensics Lab.
The lab looks for spam that can result in users' computers becoming infected, Warner said. If the group sees more than 1,000 copies of a malicious email, it is considered "dangerous." In the case of this Boston attack-related spam, the group has already seen more than 80,000 spam emails.
“We’re at 80 times our normal volume of what we would consider dangerous,” Warner said.
The spam campaign works by sending users emails with subject lines about the Boston bombings. Inside is a link that takes users to a Web page with various YouTube videos about the attack. But those pages also include a malicious link that quietly infects users' computers while they watch the videos.
“Everyone who clicks on this, their computer is going to send out spam,” Warner said.
And the spam will go out fast. Warner said that his group purposely infected one of its computers; within 42 seconds of being infected, it tried to send out 300 spam messages to random email addresses.
The point of the spam campaign is to infect as many computers as possible and add them to a botnet, a network of infected computers. Right now, the infected machines are simply being instructed to infect others, but in the future, Warner said, they could be directed to perform a cyber attack known as a distributed denial of service, to click on advertisements all day and make money for the spammers, or to steal the financial information of the computer's owner.
“Right now, the bad guys are just trying to add numbers to their botnet,” he said. “The next phase would be to convert that into something that the bad guys can use to either make money or do damage.”
Warner said users should avoid opening any emails like these. Unfortunately, because the spam campaign is so new, many security programs are not detecting the viruses that are being installed, Warner said. For now, users who have clicked on emails like these can see if they might be infected by checking how much data their network adapter is sending to the Web.
Warner said that can be done by finding the network icon in the bottom right-hand corner of the screen and right-clicking on it. Then click on "Open Network and Sharing Center" followed by "Local Area Connection." Under "Activity," look for how many bytes are being sent. If the number keeps climbing very quickly, your computer may be infected.
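The same check can be scripted instead of watched by eye. The PowerShell below is an added example, not something from the UAB lab: it samples each active adapter's sent-byte counter and warns when the send rate stays high while the machine should be idle. The interval, sample count and rate threshold are assumptions to tune, and the `Get-NetAdapter` cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Added example: sample the "bytes sent" counter per adapter and flag sustained growth.
# All three defaults are assumed values, not figures from the article.
param(
    [int]$IntervalSeconds = 5,           # time between samples (assumed)
    [int]$Samples = 12,                  # number of intervals to observe (assumed)
    [long]$BytesPerSecondLimit = 50000   # send rate treated as suspicious when idle (assumed)
)

function Get-SentBytes {
    # Returns adapter name -> cumulative bytes sent, for adapters that are up.
    $result = @{}
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        $stats = Get-NetAdapterStatistics -Name $_.Name
        $result[$_.Name] = [long]$stats.SentBytes
    }
    return $result
}

$previous = Get-SentBytes
$hits = @{}   # adapter name -> number of intervals above the limit
for ($i = 1; $i -le $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-SentBytes
    foreach ($name in $current.Keys) {
        if (-not $previous.ContainsKey($name)) { continue }  # adapter came up mid-run
        $delta = $current[$name] - $previous[$name]
        if ($delta -lt 0) { continue }                       # counter reset, skip interval
        $rate = [long]($delta / $IntervalSeconds)
        if ($rate -gt $BytesPerSecondLimit) { $hits[$name] = 1 + [int]$hits[$name] }
        '{0:HH:mm:ss}  {1,-28} {2,12:N0} bytes/s sent' -f (Get-Date), $name, $rate
    }
    $previous = $current
}

foreach ($name in $hits.Keys) {
    # Warn only when at least half of the intervals were busy, to ignore short bursts.
    if ($hits[$name] -ge [math]::Ceiling($Samples / 2)) {
        Write-Warning "$name exceeded $BytesPerSecondLimit bytes/s sent in $($hits[$name]) of $Samples intervals."
    }
}
```

Run it with browsers, backups and sync clients closed, since legitimate uploads also raise the counter; a warning is a reason to investigate the machine, not proof of infection.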