FIFA World Cup Themed Spam Rises As the Event Goes On
As per Symantec Hosted Services, cyber crooks have been exploiting of the thrill of the FIFA World Cup Tournament.
Symantec disclosed that Brazil's early World Cup lead may be the reason for being the focus of the attackers, as per the news published by THEWHIR on June 17, 2010.
On June 2, 2010, Symantec discovered nearly 45 spam mails that were intercepted on their way to several Brazilian firms, which includes finance, chemicals and manufacturing companies.
The subject line of the mail is "If Brazil wins You also gain!" and the content of the mail says "Check by clicking on the ball!" and "And see the catalogue of bonuses!" under a football's picture.
It seems that the mail was spoofed from a reputed sportswear manufacturer. It uses the .com.br domain of the manufacturer and was dispatched by a Brazilian server hosting company. The spoofed manufacturer is an official sponsor of the FIFA tournament, which further adds authenticity to the attack.
This social engineering attack takes advantage of the thrill of the 2010 FIFA World Cup in South Africa to lure users to respond to the mail, and thereby, compromise their computers and corporate details.
The most fascinating feature of the attack which Symantec observed is that it employs two modes of attack - a PDF attachment and a malevolent link which can lead to malware installation. The exploit which is used in the PDF has been identified as CVE-2010-0188.
The use of two modes of attacks indicates that even if the malevolent PDF attachment is removed with the help of antivirus solution, the malicious link will still stay with the content of the mail and will be delivered to the user.
This is probably because several mail filtering systems are made to just remove or clean viral attachments, and will usually ensure that the "cleaned" mail is delivered to the user, in this situation along with the harmful link.
With the tournament going on, the security experts of Symantec Hosted Services expect to come across several FIFA-based spam mails and malware.
» SPAMfighter News - 28-06-2010