Targeted Attacks Themed on FIFA World Cup Continue

Security software firm Symantec has claimed to have tracked a constant assault using different file attachments and the upcoming World Cup so as to deceive higher officials employed in inter-governmental organizations, reported thetechherald.com on June 3, 2010.

As per the company, they identified the first assault based on the World Cup at end-March, this year. Since then, three more attacks have been discovered by the company.

In the first attack, a small group of users at an internationally famous US-based manufacturer was targeted. The attack involved a poorly written email, coming from free Webmail accounts and having an attached ZIP file called '2010_FIFA_WORLD_CUP.zip' that allegedly included schedule for the World Cup matches, containing an Excel document '2010_FIFA_WORLD_CUP.xls'.

Upon execution, the file installed malware onto the targeted system, which facilitated a backdoor for attackers to secretly access data on that system and/or to access other PCs on that network.

The second attack discovered by the company was also similar, i.e. it also persuaded e-mail recipients into opening a malicious attachment that contained World Cup match schedule. This attack was targeted on two users - one in an internationally-recognized charity and other in a high-profile inter-governmental organization.

In just a period of six days, the same users were targeted the second time by the same scam. According to Symantec, this is a good example of how recipients are repeatedly attacked, as per the news published by thetechherald.com on June 3, 2010.

In the final attack, the attacker just cut and pasted the text from a legit website created by Niall Mellon Township Trust, a charitable organization dedicated to build homes for the poor people of the South African Townships.

The attacker downloaded a document from the charity's website that included tournament's details, added malware to that Excel document, attached the document to the e-mail, and then mailed it to targeted users.

It's quite uncommon to observe targeted assaults using zip archives and Excel documents as most of the attacks in the past have used .doc, .pdf and .exe files as attachments.

To capture the attention of the recipients, attackers use an effective way of giving the e-mails a business, official or political theme. They also relate their fake e-mails to interesting and notable events, noted the security experts.

Related article: TRUSTe Certified Websites May Still Contain Malware

» SPAMfighter News - 6/10/2010