World Cup malware targets companies

Insecurity outfit Symantec is warning that cyber crooks are using interest in the World Cup to attack companies.

Writing on the company's blog, Symantec spokesman Daren Lewis said, "Message Labs Intelligence identified a run of 45 targeted malware emails intercepted in route to a number of Brazilian companies, including chemical, manufacturing, and finance firms. This social engineering attack exploits the excitement surrounding the 2010 World Cup in South Africa to prompt the recipients to take actions which may compromise their systems and corporate information."

The attack uses a dual-pronged approach using an infected PDF file and a malicious link, causing double the trouble.

"The email was spoofed from a well-known sportswear manufacturer, using the manufacturer’s .com.br domain and was sent from a server hosting company in Brazil. The manufacturer being spoofed is a sponsor of the FIFA World Cup which adds validity to the attack," said Lewis.

The subject line of the attack roughly translates to "If Brazil wins You also gain!" and the text in the body of the email says "Check by clicking on the ball!" above and "And see the catalogue of bonuses!" underneath a picture of a football. The ball in question is the official Adidas one, which we can only assume goes some way to identifying the mysterious sportswear manufacturer

The malware uses the ActiveX installer to execute and install output.exe which could open up the infected PC to control by a botnet.