We have recently seen some instances of spam email hitting our spam traps with a story about the Brazilian soccer coach Dunga, who was given a black eye by an angry fan last Sunday. The spam email has the following characteristics:
Subject: Tecnico Dunga e agredido por Torcedor.
Email body: (Translated)
Dunga trading punches with fans, and ends with black eye. The coach of Brazilian national team, Dunga, was hit on Sunday morning by a fan who was angry about not having called Ronaldinho Gaucho and Paul Henry Goose. It happened around 10:00 am yesterday in CT training in Johannesburg in South Africa, Dunga filed a complaint with the police but the accused managed to escape.
>> Watch the video released
The link redirects to:
The server offers up a file named Arquivo_ID73862.cpl (Detected as Downloader).
The downloader downloads various files that ultimately lead to a banking Trojan (Infostealer.Bancos!gen), which is fairly typical of malware targeted at Brazilian users.
As World Cup fever continues to build and various events and dramas unfold over the coming weeks, we can expect to see more of these opportunistic attacks surfacing, such as has been reported in Fake AV World Cup Campaign Ramps Up and FIFA World Cup: Watch all Matches for Free on an Adult Video Site?. As for this attack, its distribution is quite limited and Symantec customers are protected by way of our antivirus and anti-spam protection.
For more information about staying safe on the net (pardon the pun), why not visit our World Cup site at 2010netthreats.com.
Note: Thanks to Roy Meshulam from the ESG team for the heads up.