Monday, June 19, 2006

Soccer (Football) Fans Killed by Teenagers Spoof Downloads Trojan

Websense is reporting that a spoof e-mail - which lures it's victims with the headline "Teenagers Kill Soccer Fans" - has a Trojan Horse downloader hidden in it.

Here is the alert from Websense:

Websense® Security Labs™ has reports of a new email that is spoofed as a story about a group of soccer fans that have been killed by teenagers. The email includes the subject: "soccer fans killed by 5 teens" and includes an attachment called "soccer_fans.jpg.exe".

If the attachment is run, a Trojan Horse downloader connects to a website that is hosted in the United States and was up at the time of this alert. The filename downloaded is called "dianaimag.exe". When that file runs, it attempts to disable Microsoft's Firewall and then visit another website to download code.

Both sites are hosting adult content and may have been compromised, or may part of the authoring of the malicious code.

For the alert from Websense, link here.

This is an obvious attempt to take advantage of the World Cup, which is going on right now. The funny thing is that since they used the term "soccer," the spoof will lose meaning in most of the countries where it is the most popular. I guess these criminals aren't as smart as they think they are:)

No comments: