FIFA World Cup Scammers Using Double Attack Mode Says Symantec Hosted Services

If one is good, then two must be better, right? FIFA World Cup  scammers apparently believe this double whammy approach will be more successful in helping them overcoming security safeguards, and perhaps even a targeted victim’s reluctance to engage with malicious email.

According to Symantec Hosted Services’ MessageLabs Intelligence unit, they have intercepted “a run of 45 targeted malware emails in route to a number of Brazilian companies across industries”.

The MessageLabs Intelligence unit discovered the attack had been crafted using both an infected  PDF attachment, and a malicious web link. The outcome of this double barreled approach could mean, “even if the malicious PDF attachment is removed by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient” stated Symantec.

As the tournament continues, don’t be surprised to see more World Cup-related spam and malware threats emerge.

You can learn more about World Cup-related spam here.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Cyber Criminals are Kicking Internet Users, and the World Cup

I’m a huge fan of the World Cup, but I have to admit, I’m totally annoyed that France eliminated Ireland on an illegal hand ball earlier this year. I’m Irish, by cultural extraction, so I get to feel this way.

By allowing this tainted win to stand, FIFA did nothing to enhance the perception of fairness in the “beautiful” game.

But, I’m digressing – this article is supposed to be about how cyber crooks are capitalizing on the World Cup, and screwing Internet users in the process.

Aware internet users know, that if an event is newsworthy, cyber criminals will exploit it to their own advantage. It’s no surprise then, that cyber criminals have jumped on the World Cup, and are already exploiting this enormously significant event.

Cybercriminals are experts at exploiting our curiosity surrounding current events, and by focusing on this aspect of social engineering (using a shotgun approach), they are increasingly creating opportunities designed to drop malicious code on our computers. Most of this activity is designed to separate unwitting victims from their money.

Cybercriminals can be much more direct though, in their attempts to separate victims from their money. The bad guys are now using specifically targeted email attacks against high profile officials in inter-governmental organizations, world wide.

Symantec Hosted Services has just reported they “first intercepted a FIFA World Cup related attack at the end of March 2010”, and additional targeted attacks have been uncovered since then. The attack emails are crafted in such a way that recipients are encouraged to open an attached, malicious, World Cup match schedule.

According to Symantec, “should the recipient become lured in, an open excel file will drop an executable on the compromised PC, creating a “backdoor” that bypasses normal authentication, connecting to the hacker’s machine.”

The following graphic is illustrative of the type of emails used by these cyber criminals.

You can learn more about these targeted attacks online at the MessageLabs Intelligence blog.

Additional information in the blog report includes:

What type of file do targeted attacks use the most in their attachments?

How are legitimate websites used in targeted attacks?

What other targeted attacks have arisen during the World Cup?

How can targeted attacks be detected?

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.