The World Cup football season is just around the corner and it is only natural that we will see a lot of campaigns related to this global event.

Many advertising, marketing and promotional programs will capitalize on the excitement and interest of users in the 2014 World Cup. In addition to the legitimate marketing, advertising and promotional emails, users may also receive emails promising anything from free tickets to participating in raffles that could see the winner win a car.

“Does this sound too good to be true?” If you are thinking this, you are right!

Scammers will be looking to exploit people's excitement over the FIFA World Cup taking place in Brazil this June and the damage users will suffer if they fall victim to it can be severe.

Not only can users fall victim to a scam where their bank accounts can be emptied, but their computers can also be infected with malware that can do anything from stealing personal information by downloading a Trojan, to making the infected computer part of a botnet.

Symantec has detected and pointed out a series of phishing emails with content related to the 2014 FIFA World Cup. Below are some phishing email samples that Symantec has detected, they contain links to malware with the following illustrative titles:

Sent from: Parabens Voce foi o ganhador de um Par de ingressos[email protected]

Title: Copa do Mundo FIFA 2014

The title of this email can be translated as:

Title: Congratulations, you have won a pair of tickets[email protected]

Sent from: FIFA World Cup 2014

Emails containing malicious code have content related to the FIFA World Cup.

The email content can be translated as follows:

You have won a pair of tickets to the 2014 FIFA World Cup in Brazil!

Print this pair of e-tickets and pick up your physical World Cup tickets at a ticket office in your city.

Print tickets

Check the address of the ticket sales center in your city here

The user is then enticed to click on the link and print the match ticket. However, this link leads to a malicious URL that downloads the eTicker.rar file - which contains an executable file called eTicket.exe.

Clicking on the link causes the user to download a malicious file

Next, a file named thanks.exe (containing the Infostealer.Bancos trojan) will be placed in the following folder on the user's computer (so that it can be run every time Windows starts):

Programs/Startup/thanks.exe

The Trojan then continues to run in the background and tries to evade security software, stealing important financial information, saving the stolen data and sending it to a remote attacker at a later time. Symantec has also discovered that the malware has been adapted to target financial institutions in Brazil.

Symantec customers are well protected against these types of attacks thanks to the company’s “link tracking” technology, which checks all linked websites in emails for viruses and other security threats, allowing the exact type of malware in each URL to be identified. The detection is then recorded so that future emails containing links to the same malware are considered “infected” and quarantined.

Although the above email template is written in Portuguese and aimed at users in Brazil, it can be adapted to other regions, other countries and in other languages. Because football has a global impact, emails with similar content can target users all over the world.

Global events are attractive to cybercriminals because they can potentially fool more victims by tapping into people’s interests and curiosity. As such, Symantec predicts that 2014 World Cup scams will increase as the football festival approaches.

Symantec recommends that users should be vigilant and practice protective methods such as: Be cautious when receiving emails from unknown sources, unsolicited emails or suspicious emails; Avoid clicking on attached links in these emails; Avoid opening attached files in these emails; Use the latest security software updates; Regularly update anti-spam signatures.

According to VietNam.net