
Symantec warns of sophisticated World Cup malware

by Phil Muncaster

11 Jun 2010

Malware writers are targeting users with World Cup-themed malicious emails

Symantec Hosted Services (SHS) is warning of yet more targeted World Cup-based malware attacks using increasingly sophisticated methods to infect victims and compromise corporate systems.

Tony Millington, malware operations engineer at SHS, explained in a blog post that the firm had intercepted 45 targeted malware emails headed for various Brazilian companies.

"This social engineering attack exploits the excitement surrounding the 2010 World Cup in South Africa to prompt recipients to take actions which may compromise their systems and corporate information," he wrote.

"One particularly interesting element of this targeted attack is the use of two attack modes: a PDF attachment and a malicious link."

The email claims legitimacy by purporting to come from a well-known sportswear manufacturer, and includes both a malicious PDF attachment and a link back to the server, which can result in malware being downloaded. This tactic effectively doubles the chance of success for the cyber criminals, Millington explained.

"The inclusion of two methods of attack means that, even if the PDF is removed as suspicious by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient," he said.

"This is because many email filtering systems are configured to simply remove or clean viral attachments, and will often allow the 'cleaned' email to be delivered to the recipient, in this case with the malicious link still intact."

The malware in question is an off-the-shelf information-stealing botnet virus called SpyEye, which exploits a PDF flaw to enable hackers to take full control of the infected computer, said SHS.
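The filtering gap Millington describes can be reproduced with a small gateway-policy sketch. This is an added example, not code from Symantec or the article; the sample message, the `.example` addresses and the `is_flagged` verdict function are constructed assumptions. It contrasts a clean-and-deliver policy with one that treats any flagged attachment as a verdict on the whole message.

```python
import re
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def build_sample(with_pdf=True):
    """Constructed lure: link in the body, optional PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "promo@sportswear.example"   # constructed addresses
    msg["To"] = "user@corp.example"
    msg["Subject"] = "World Cup 2010 offer"
    msg.set_content("Open the brochure or visit http://promo.example/wc2010")
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                           subtype="pdf", filename="brochure.pdf")
    return msg

def is_flagged(part):
    """Hypothetical stand-in for the gateway's AV verdict: flags every PDF."""
    return part.get_content_type() == "application/pdf"

def body_urls(msg):
    """URLs still present in the text body that would reach the recipient."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return URL_RE.findall(body.get_content()) if body else []

def clean_and_deliver(msg):
    """Weak policy: strip flagged attachments, deliver what is left."""
    if msg.is_multipart():
        parts = msg.get_payload()
        kept = [p for p in parts if not is_flagged(p)]
        removed = len(parts) - len(kept)
        msg.set_payload(kept)
    else:
        removed = 0
    return {"action": "deliver", "removed": removed, "urls": body_urls(msg)}

def quarantine_on_any_hit(msg):
    """Stricter policy: one flagged part is a verdict on the whole message."""
    if any(is_flagged(p) for p in msg.iter_attachments()):
        return {"action": "quarantine", "held_urls": body_urls(msg)}
    return {"action": "deliver", "urls": body_urls(msg)}

if __name__ == "__main__":
    print(clean_and_deliver(build_sample()))
    print(quarantine_on_any_hit(build_sample()))
```

Under the first policy the attachment is removed but the body link is still delivered; under the second the message is held and the link is recorded for review instead.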
