Spammers Exploit Brazilian Plane Crash - InformationWeek
Software // Enterprise Applications
11:18 AM
Data Tells: Dissecting Every Day Data
May 31, 2017
Join us as the author of the book "Everydata: The Misinformation Hidden in the Little Data You Con ...Read More>>

Spammers Exploit Brazilian Plane Crash

Spammers are luring unsuspecting users to a malicious Web site by sending out e-mails promising information about the crash and the victims onboard.

Spammers were quick to take advantage of the tragic plane crash in Brazil this week.

Researchers at Websense Security Labs reported that a new spam campaign is using this week's crash to lure unsuspecting users to a malicious Web site. The e-mails link to a Web site that purports to contain information on the people onboard the plane, but actually simply infects the users' computers with malware.

On Tuesday night, an Airbus 320 with about 176 people onboard skidded off a runway during landing at an airport in Sao Paulo. The jetliner, which was owned by TAM Airlines, hit an office building and gas station, creating a fire that took hours to extinguish.

According to Websense, the message on the malicious Web page reads, "TAM reports that flight JJ3054 has taken off from Porto Alegre with 170 people onboard, between passengers and employees plus six more crew members (commanders and flight attendants). As soon as their names are confirmed, we'll notify the families before any further information becomes public, as determined by existing law TAM has made public all information available so far. Any relevant information will be provided immediately from TAM."

Websense reported in an advisory that users are prompted to run some code. However, when the code is launched, a Trojan Downloader is installed on the users' computers. The malware then connects to another site to download and install an information-stealing Trojan Horse.

The Web site, which has been compromised, is hosted in Korea. Websense researchers say this isn't the first time the site has been taken over to host malicious code.

Spammers generally are quick to take advantage of headline-grabbing tragedies.

In April, spam that promised images of the shootings at Virginia Tech began hitting inboxes worldwide. The spam carried a photograph of gunman Cho Seung-hui, who killed more than 30 students and teachers at the Virginia school before killing himself. The e-mails claimed to link to a Brazilian Web site carrying movie footage of the campus shootings, according to researchers at Sophos. Instead, curious uses who connected to the site were infected with spyware that acted like a banking Trojan.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll