The recent World Cup has lead to a peak in malware activity registered in Brazil. Kaspersky Lab blocked 87 776 attempts to launch malicious programs in the country, which is four times higher than second-place Russia.
The FIFA World Cup officially kicked off on the 12 June 2014, although cybercriminals were closely following events in Brazil long before that. Phishing sites exploiting the World Cup theme began appearing in March of last year. In January 2014, spam mailings were registered that simulated lottery wins for World Cup tickets, but which actually contained Trojans.
As a result, by April, Brazil ranked first in the number of financial malware attacks and since then the number has almost doubled. After the tournament the practice of stealing money using adware programs offering pay-for-view broadcasts from “the best camera” was widespread – substantial amounts of money were withdrawn from users’ accounts, but they received nothing in return.
The rest of the financial cyber-threat picture has not changed much compared to the previous reporting period. Trojan-Spy.Win32.Zbot, Trojan-Banker.Win32.Lohmys and Trojan-Banker.Win32.ChePro remain among the most widespread malicious software.
The most notable change was the departure of Trojan-Spy.Win32.Carberp from the threat rating. Its place was taken by Trojan-Banker.Win32.Shiotob, a Trojan sent via spam messages that is capable of monitoring browser traffic and intercepting user credentials.
One of the most memorable incidents during the reporting period took place at the beginning of June, with law enforcement agencies from the US and Europe involved in an operation to take down the major Gameover Zeus botnet.
The botnet was used to steal credentials, as well as to spread Cryptolocker ransomware, which encrypts user data and demands a ransom for the decryption key.
The damage attributed to this botnet is estimated by the FBI to be $100-million, and its alleged author, a certain Evgeny Bogachev, is among the top 10 most-wanted cybercriminals in the US.
“As well as fans, the World Cup attracted cybercriminals interested in the payment details of football enthusiasts. As expected, the attackers took advantage of the hype surrounding this major global event and began targeting users through a variety of channels. It is likely that in the aftermath of the championship cyber activity in Brazil will normalise, having a knock-on effect on the global distribution of threats.
“However, that is no reason to lower your guard – summer is a time when people make all sorts of purchases, entering billing information on lots sites, and, of course, that data is of particular interest to criminals,” comments Yuri Namestnikov, anti-malware expert, Kaspersky Lab.