Theme adopted in spam and malware distribution campaigns

Jun 12, 2009 11:12 GMT

Security researchers warn that cybercriminal gangs are taking advantage of the Air France Flight 447 tragedy. Trying to exploit the significant public interest attracted by the sad event, cybercrooks are pushing spam and malware, both by e-mail and through poisoned search results.

Air France Flight 447 refers to the commercial flight between Rio de Janeiro and Paris, which crashed over the Atlantic Ocean on June 1st, resulting in the death of all 228 people onboard. The crash, which could be one of the biggest accidents in aviation history, has attracted massive media attention.

As with most events and news that attract widespread attention, spammers did not miss the chance to profit. Security researchers from McAfee warn of fake online pharmacy spam campaigns adopting a Flight 447 theme.

Several million unsolicited e-mail messages with subjects such as "A-330 blackbox record," "Another plane crushed," or "Last seconds of plane" have reportedly hit the McAfee spamtraps. "As usual, these spammers are disrespectful and do not hesitate to use the most shocking events to promote their shady businesses," Francois Paget, threat researcher for the AV vendor, concludes.

Meanwhile, analysts from Websense advise of an e-mail malware distribution campaign claiming to deliver legitimate news updates about the tragedy from Terra Networks. The spam messages are in Portuguese, and attempting to view the linked videos will prompt the download of a file named Video_AirFrance_447.com. This file is actually a Trojan downloader, which "registers a password-stealing BHO component on the system masquerading as a McAfee SiteAdvisor component."

Trend Micro reports a scareware distribution campaign, which employs blackhat SEO techniques to poison the search engine results for keywords related to the Flight 447 tragedy. "Searches for reports related to the plane crash yield links that when opened trigger multiple redirections to various sites, which ultimately lead to download of rogue antivirus software," the malware experts from Trend warn.

Users are advised to get their news reports from trusted sources and only follow search results pointing to known websites. Unsolicited e-mails about the tragedy should also be discarded.