Language is proving no barrier to cybercriminals looking to profit from the 2010 World Cup, and with Spain, Portugal and Brazil reaching the final 16, fans of those countries should be on high alert for native-language online scams.
Symantec researchers recently identified a new spam e-mail written in Portuguese, which leveraged the branding of one of the major sponsors of the tournament.
According to Symantec’s Paul Wood, recipients are lured by the subject line, which informs them that the well-known brand will take them to the World Cup.
“The prospective victim is requested to click on a button at the bottom of a cleverly crafted logo in the body of the e-mail if they wish to ‘win’. Unfortunately, in this case there are no winners, as clicking the button downloads an executable file named Participar.exe,” he says.
When downloaded and activated, the malware produces two files and generates a number of pop-up messages.
Adds Wood: “In the background, it collects information on what other machines are on the same network, and it can be used to steal data and grant a remote attacker further access to the compromised computer.”
Further analysis showed that although the e-mail attempted to hijack a well-known U.S.-based soft drink brand, it had actually been sent from an IP address in Macau, a special administrative region of China.
Says Wood: “This is a particularly clever scam, as it plays on people’s inherent trust in a well-known brand and, comfortingly for Portuguese-speaking fans travelling abroad, addresses them in their home language.
“Fans should remember that as tempting as it may be to click on something they think they can trust, they should always exercise caution and keep their antivirus software up to date.”