Security experts are seeing more and more cybercriminal operations that leverage the upcoming FIFA World Cup. Symantec experts have spotted malware attacks, phishing schemes and even Nigerian scams.Cybercriminals are distributing malware with the aid of emails which inform recipients that they’ve won a couple of tickets for the event. The links from the messages point to a malicious site that serves a file called eTicket.rar.
The archive file contains an executable named eTicket.exe. This is actually a variant of Bancos, the Trojan that’s designed to steal personal and financial information from the computers of users in Latin America.
Another scheme observed by Symantec leverages the name of CIELO, a Brazilian payment card operator.
“Congratulations, you have been chosen to take part in the Cielo Cup 2014. To promote World Cup 2014, you must register to compete for prizes worth 20 thousand Reais, Tickets, accommodation in exclusive places during the 2014 world cup and you could also win a Fiat Doblo 0 Km,” emails that purport to come from the company read in Portuguese.
In reality, the notifications have nothing to do with CIELO. The link from the emails points to a phishing site where users are asked to hand over their information.
The 419 scam seen by Symantec targets English-speaking users. Scammers are sending out emails that carry the subject line “Window Live Games 2014 FIFA World Cup.”
The messages read something like this: “Notice: This e-mail message and any attachments contain confidential information and are solely for the confidential use of the intended recipient. If you are not the intended recipient, please do not read his message or any attachments.”
A Word document attached to the email informs recipients that they’ve won in a lottery sponsored by some major companies. Users who fall for it are asked to hand over personal information, and possibly even some money that’s allegedly needed to complete the transaction.
Check out what these emails and websites look like: