Email Fraud Using Brazilian Gol Airlines Crash

Date:10.02.2006

Threat Type: Malicious Website / Malicious Code

Websense® Security Labs™ has received reports of a fraudulent email which targets Brazilian users. Users receive an email with a link to a malicious website containing pictures of the recent Gol Airlines Boeing 737 crash in Brazil. This website contains a Trojan downloader which is used to install a banking keylogger.

Sample email:

Subject: fw: as fotos do acidente do boeing da Gol!

Descobri o site onde estão as fotos do avião da Gol!
São fotos impressionantes mesmo.

<URL REMOVED>

Não sobrou quase nada do avião!!

Sample Email (translated):

I have discovered a website with pictures from the Gol Airplane!
The pictures are really impressive.

<URL REMOVED>

There is almost nothing left of the airplane.

Screenshot of malicious webpage:

Further information on the plane crash:
http://news.bbc.co.uk/2/hi/americas/5397902.stm