World Cup lottery spam, targeted malware discovered

Cybercriminals are keeping their foot on the gas as the month-long World Cup soccer tournament in South Africa continues.

A number of scams are underway this week to spread malware and trick users into handing over sensitive information, security researchers warned.

One phishing campaign discovered this week appears to be a new take on the "Nigerian 419" scams.

The ruse used a lottery theme associated with the World Cup to dupe recipients into revealing personal information, Sam Masiello, director of messaging security research at McAfee, wrote in a blog post Tuesday. The messages claim recipients won the “South African 2010 FIFA World Cup lottery award” worth a $950,000 prize. Recipients are instructed to send back their personal information – including name, phone number and email address – to claim the prize.

The attack differed from most phishing scams because users were not initially asked to reveal any credit card details. Cybercriminals likely crafted the attack that way to make it appear legitimate, Masiello said.

“Scammers are out in full force, trying to take advantage of the excitement of the FIFA World Cup tournament,” Masiello said.

Some of the subject lines used in the campaign included, “claim your fifa world cup football award/ticket,” “fifa 2010 world cup lottery department” and “winner – fifa world cup online draw.”

In a separate campaign discovered recently, attackers attempted to send 45 targeted, World Cup-themed malicious emails to executives and managers at Brazilian chemical, manufacturing and finance companies, Tony Millington, malware operations engineer at Symantec Hosted Services, wrote in a blog post last week.

The messages, sent out on June 2 and intercepted on the way to recipients, spoofed a well-known sportswear manufacturer sponsoring the World Cup. They came with the subject line that translates to: “If Brazil wins You also gain!” and contained a malicious PDF attachment and a link.

“The inclusion of two methods of attack means that even if the PDF is removed as suspicious by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient,” Millington wrote.

The malware used in the attack was based on a publicly available crimeware toolkit, known as “SpyEye,” which is generally used in larger volume attacks designed to quickly build botnets. In this case, the malware was likely used for its credit card theft abilities, Millington said.

Meanwhile, security firm Websense said in a blog post on Thursday that it began tracking 80,000 spam messages armed with World Cup-related subjects that contained HTML attachments with embedded JavaScript. Users who clicked on the attachment were led to a malicious website.

Internet surfers also should be mindful of poisoned results that may appear when they search on Google for information related to the tournament, experts said.
