
    Archive for November 23rd, 2009




    Users who are currently planning to go or return to Brazil, especially with the holidays coming up, should watch out for a recent spam run. Spammed messages fashioned to look like an email from a Brazilian airline are offering users tickets to Brazil for just US$1.


    Here is a rough translation of the text in the spam:

    Promotion Voegol the $1.00 is back, buy tickets or return for all of Brazil to only $1.00.
    Visit our online service through the website:
    http://www.voegol.com.br/Atendimento/ and mention code: VG1R
    After that, wait for contact from a clerk, and make the purchase.
    Further promotion visit:

    The spam run seems to take advantage of the promotions currently being offered by the said Brazilian airline. As enticing as the offer is, however, the links in the said email lead nowhere near cheap tickets. The link leads to a URL that downloads TROJ_DLOADR.APX. TROJ_DLOADR.APX then connects to other URLs to download TSPY_BANKER.NGN. TSPY_BANKER variants have been known to take a special interest in Brazil. They are known to steal banking information specifically related to Brazilian banks.

    Users are advised to ignore similar spam they receive and instead check out the airline’s website for promos and other offers. On the other hand, Trend Micro users are protected from this attack through the Smart Protection Network.

     



    Threat researchers have been alerted to the discovery of a new exploit targeting Internet Explorer. Analysts have conducted tests and confirmed that the exploit affects versions 6 and 7 of the browser. Although the exploit is currently unreliable, cybercriminals may be able to create a reliable exploit in the near future. This may allow them to exploit websites and infect visitors. However, an attack may only succeed if hackers lure victims to specially crafted malicious Web pages or compromised websites. The attack also requires JavaScript in order to exploit Internet Explorer.

    The exploit targets a vulnerability in how Internet Explorer uses cascading style sheet (CSS) information. Trend Micro detects this exploit as HTML_SHELLCOD.WT and protects users via the Smart Protection Network.

    Internet Explorer users are advised to make sure their antivirus definitions are up-to-date. Disabling JavaScript and visiting trusted sites until fixes become available from Microsoft are also suggested.

    Update as of 23 November 2009, 7:56 AM UTC:

    Microsoft issued a security advisory on this vulnerability and confirmed that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are all affected.

    According to the advisory, a successful attempt to exploit the vulnerability results in the attacker gaining the same user rights to the system as the local user.

     


     
