This week, we received some reports of a new malware attack that uses a tragedy that occurred early this month as its lure: a five-year-old child was thrown out of a window. The police are investigating the tragedy, and the latest reports say that all evidence indicates the parents as the ones responsible.
Hackers sent the spammed email message below, in which they promise a video with new and exclusive information regarding the case, including findings about who the suspects are.
Figure 1: Email message promising to reveal the responsible parties of the murder
The link in the email has an obscured address (hxxp://83.x.x.136/terranoticias/index.html) and leads to a fake page imitating a large, legitimate ISP in Brazil (Terra Networks):
Figure 2: Fake page from a Legitimate Brazilian ISP
After the user clicks the link promising the video, the browser instead tries to download the file verdade.com.
Figure 3: Download dialog box
This file is detected by Trend Micro as TROJ_BANLOAD.EOZ. Users who have Trend Micro protection have been safe from this threat from the beginning, as Web Reputation Services (WRS) proactively recognizes the fake Web site.
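The traits of this lure (a link to a bare IP address, the ISP's name in the path of a host the ISP does not own, and a download whose .com extension is a Windows executable rather than a domain) can be checked mechanically. The following is an added example, not part of the original post; the brand map, the terra.com.br domain, the indicator names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: brand keyword -> domain the brand really serves pages from.
BRANDS = {"terra": "terra.com.br"}
# Extensions Windows runs directly; ".com" doubles as a top-level domain.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}

def refang(url):
    """Undo the hxxp:// defanging used in reports so the URL can be parsed."""
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url

def host_is_ip(host):
    """True when the host is an IP literal instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess(url, download_name=""):
    """Return the list of lure indicators found in a link and its download."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    findings = []
    if host_is_ip(host):
        findings.append("ip-literal-host")
    for keyword, domain in BRANDS.items():
        on_brand = host == domain or host.endswith("." + domain)
        if keyword in parts.path.lower() and not on_brand:
            findings.append("brand-in-path:" + keyword)
    name = download_name.lower()
    dot = name.rfind(".")
    if dot > 0 and name[dot:] in EXECUTABLE_EXTS:
        findings.append("executable-download:" + name[dot:])
    return findings

# Constructed samples: 192.0.2.10 is a documentation address, not the page's host.
LURE = "hxxp://192.0.2.10/terranoticias/index.html"
BENIGN = "http://www.terra.com.br/noticias/index.html"

if __name__ == "__main__":
    print(assess(LURE, "verdade.com"))
    print(assess(BENIGN, "video.mpg"))
```

The masked address printed in the post (83.x.x.136) is not a parseable IP, so only the brand and download checks fire on it as written.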