(WEB HOST INDUSTRY REVIEW) — With the FIFA World Cup tournament underway, cybercriminals are taking advantage of the excitement, according to targeted malware attacks intercepted by Symantec Hosted Services.
According to Symantec, Brazil’s early World Cup lead may also be giving it the unfortunate distinction of being the focus of targeted attacks. Symantec intercepted a run of 45 targeted malware emails on June 2 en route to a number of Brazilian companies. The emails attempt to draw in World Cup fans by spoofing a well-known sportswear manufacturer sponsoring the FIFA World Cup.
Symantec noted that the most interesting aspect of the attack is that It uses two attack modes, a PDF attachment and a malicious link, meaning that even if the malicious PDF attachment is removed by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient.
In a separate finding, Symantec Hosted Services’ MessageLabs Intelligence unit discovered spam for a pharmaceutical site using the World Cup as a lure via an “obfuscated JavaScript,” which means that the spammer went to considerable lengths to disguise the malicious JavaScript – an approach usually associated with malware.
Unlike normal JavaScript that strives to be as clear as possible, the obfuscated JavaScript contains code to redirect the recipient’s browser to a different location. For instance, the link location is disguised as: “hJt>t>p>:S/2/2aSd>v2aSnlcleldSwloloJd>tSe2c2hJ.2cSo>ml/2xJnSuJ4JeSjS/2z2.Shltlm” By removing certain characters, the destination URL is revealed as “http://redacted/xnu4ej/z.htm”.
As the tournament continues, Symantec Hosted Services expects to see more World Cup-related spam and malware threats emerge.
No related posts.
