'FIFA World Cup South Africa Bad News' Spam Email Redirects to Malware-Hosting Sites

world cup spam message spreading malwareA new wave of malicious spam emails have been identified to with the subject line 'FIFA World Cup South Africa Bad News' and contains an attachment that links to a malicious website using JavaScript.

Cybercrooks are utilizing the current World Cup soccer events as a popular subject line to spread malware. The spam message, first reported on Websense Security Labs blog, uses a web link attachment that when clicked initiates a JavaScript code and redirects your web browser to a malicious site. The script code looks like those that have been used in script injections on legitimate web sites. The script even goes as far as to verify that you are redirected to an attack site only one time and then if the script is run again the user is redirected to spam sites instead.

This tactic uses a simple message that reads "Hello!! FIFA World Cup 2010 scandal news, read attached document" as shown in the image to the right. The site that users are redirected to after clicking on the attachment is "hxxp://www.advanced[removed].com/xnu4ej/z.htm".

Computer users are suggested to use caution when opening an email related to a recent event or popular news story. Hackers like to exploit current world events to persuade users to open spam emails and, inadvertently, download malware disguised as an email attachment. The 2010 FIFA World Cup is one of the most important sport events and hackers will take advantage of its media attention to spread malware attacks in form of email campaigns.

Do you get 2010 FIFA World Cup updates in your email inbox? Do you suspect that any of the 2010 FIFA World Cup related emails are spam messages?