Brazil began its run in the 2010 World Cup this week with a win over North Korea. Less positive news for arguably the world’s most ardent fans is that their passion is being exploited by cybercriminals who have launched a barrage of attacks on Brazilian companies.
According to Tony Millington, Malware Operations Engineer at Symantec Hosted Services, researchers have identified a run of 45 “targeted” malware e-mails that have been sent to Brazilian firms in the chemical, manufacturing, and finance sectors.
Says Millington: “This ‘social engineering’ attack exploits the excitement surrounding the 2010 World Cup in South Africa to prompt the recipients, managers and executives at the targeted firms, to take actions which could compromise their systems and corporate information.”
Sent from a server hosting company in Brazil, the e-mail purports to be from a well-known sportswear manufacturer and sponsor of the World Cup – a ploy that lends the attack credibility (see screenshot below).

Adds Millington: “Interestingly, in order to increase the chance of a successful attack, the criminals included both a malicious PDF attachment and a link back to their server which can result in downloaded malware.
“This ‘dual’ attack means that even if the PDF is removed by an anti-virus gateway, the malicious link remains in the body of the e-mail and may still be delivered to the recipient.”
Unusually, the attackers didn’t make use of a free webmail service, which is the common approach in these cases.
“The reason is probably that the malware employed isn’t a typical backdoor Trojan but actually an off-the-shelf botnet virus called 'SpyEye',” says Millington.
“Once the recipient falls for the scam and downloads the links, an executable is downloaded, executed and installed. The malware notifies the criminals that the now infected machine is online and contactable. They can then take full control and carry out whatever nefarious plan they have in mind,” he says.