
WSLabs, Malicious Website / Malicious Code: Brazil Airplane Tragedy Crimeware

Posted on 18 July 2007
Websense Security Lab

Websense® Security Labs(TM) has discovered a new email campaign that uses the recent plane crash in Brazil as a lure.

Users receive an email that attempts to lure them into connecting to a website. The message roughly translates to:

"TAM reports that flight JJ3054 has taken off from Porto Alegre with 170 people onboard, between passengers and employees plus six more crew members (commanders and flight attendants).
As soon as their names are confirmed, we'll notify the families before any further information becomes public, as determined by existing law.
We remind you that TAM has started its Victims and Family Assistance Program and provided a collect number 0800-117900, designed to provide information to families and crew members from this flight.
TAM has made public all information available so far. Any relevant information will be provided immediately by TAM.

Public Relations - TAM
Tel: (11) 5582-8167/8685/8153"


The site is hosted in Korea, appears to have been compromised, and has hosted malicious code from the Brazil region in the past.

Users who click on the link are prompted to run some code. The code, when launched, is a Trojan downloader, which in turn connects to another site to download and install an information-stealing Trojan horse.

Websense Security customers are protected from connecting to the site.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=788

 
