The Latest in IT Security

Malicious Spam Emails Target Nightclub Disaster in Santa Maria

29
Jan
2013

Symantec Security Response has observed that spammers are distributing malicious emails that attempt to lure users into viewing a video of the incident that killed 233 people recently in a horrific tragedy at a popular nightclub in Santa Maria, Brazil. The malicious email is in Portuguese and invites unsuspecting users to click on a link to watch a video of the tragedy. The link provided in the email downloads a zip file containing a malicious control panel file as well an executable file. Symantec detects this threat as Trojan Horse.

Further analysis of the malicious file shows that the threat creates the following file:

%SystemDrive%\ProgramData\ift.txt

It also alters the registry entries for Internet Explorer.

The threat then downloads an IE configuration file from a recently registered domain. Trojan Horse is usually a backdoor Trojan, downloader, or an infostealer.

Samples of the spam emails are shown below (Figures 1 and 2). The email has the following characteristics:

Subject: Video mostra momento exato da tragedia em Santa Maria no Rio Grande Do Sul segunda-feira, 28 de janeiro de 2013

Subject: VIDEO DO ACIDENTE DA BOATE DE SANTA MARIA RS.

Translation: Video shows the beginning of the tragedy in Santa Maria, Rio Grande Do Sul Monday, January 28, 2013

Translation: Video of the Nightclub accident in Santa Maria RS

Figure 1. Spam email example one

Figure 2. Spam email example two

Users are advised to exercise caution when looking for videos, images, and news of recent popular events. Do not click on suspicious links or open attachments received in unsolicited emails. Keep your security software up-to-date in order to protect your information from online viruses and scams.

Leave a reply


Categories

FRIDAY, NOVEMBER 24, 2017

Featured

Archives

Latest Comments

Social Networks