Fly for $1 or Your Money Back!
Friday November 20, 2009 at 5:07 pm CST
Posted by Pedro Bueno
It is the time of year to get together with family and friends, and that often involves flying. So, how about a promotional airline ticket for just $1?
That sounds like an irresistible idea! Though it also sounds too good to be true. As you can imagine, there is something wrong here. Instead of flying for a buck, you may end up with several hundred fewer dollars in your bank account.
This example is the most recent seasonal spam targeting Brazilians. In the image below you can see the pitch.

When you click on the image, which is hosted at hxxp://dhroot.hpg.com.br/images/danosse.jpg, you’ll follow a link that will attempt to download a Trojan from hxxp://www.medcitybuilders.com/plugins/system/[REMOVED]/. This Trojan is a downloader that will copy password-stealing malware that targets the customers of Brazilian banks. The malware is currently hosted at hxxp://www.radfahrschule.at/html/modules/PagEd/browsepics/[REMOVED].
In Brazil we say “there is no such thing as free dinner.” In the States there’s no free lunch. In this case we can also see that there are no free air tickets.

November 24th, 2009 at 08:53
Pedro, these scammers also have a distorted sense of humor, since the “danosse” from the image file name is a misspelling of “Danou-se”.
I would like to remark that I first reported this scam back on October 15th at http://spamquerecebe.blogspot.com/2009/10/voegolnet-nao-e-site-da-gol-e-virus.html. At that time, this attack was so new that the PhishTank community judged that the page was “not a phish” – just check http://www.phishtank.com/phish_detail.php?phish_id=845056.
The phishing sites are becoming so professional that they fool even McAfee Site Advisor technology; just check this example at http://www.siteadvisor.com/sites/bancodobrasilportalbb.com/, which was confirmed to be a phishing site by PhishTank (http://www.phishtank.com/phish_detail.php?phish_id=870145).
When it comes to security we must always rely on more than one source.