Santa Catarina Disaster Spam Message Spreads Video_SC_Desastre.exe Trojan

Have you ever received an email related to disaster relief of or a messaged associated with a recent disaster area? You would think that a message of this nature would be truthful and nothing that a hacker would actually take advantage of right? Well, think again! A spam campaign that uses an email message that appears to be a news alert about the Santa Catarina disaster to spread the Video_SC_Desastre.exe executable file which is nothing but a Trojan downloader.

Trojan downloaders are serious infections that may have the capacity to download other malware onto the affected system. The Video_SC_Desastre.exe file poses as a video file which is included in the spam message with the subject line reading: “Video Exclusivo Desastre Santa Catarina!” which translates into: “Exclusive Video Santa Catarina Disaster”.

Below is a screen shot of the spam message from Websense Security Labs:

(websence security labs)

Recipients of this spam message are not infected with a trojan until they click on the included image which leads them to a malicious site to download the Video_SC_Desastre.exe file. After that the executable will connect to a site prompting the download of password stealing Trojans. Usually these downloaded files are hosted in the form of JPG image format but are actually executables. We know with experience that an executable file can potentially wreak havoc by downloading or installing malware onto the system running the malicious executable.

The Santa Catarina Disaster spam message may have evolved recently where it spreads Trojans through a msnmgr.exe which spoofs MSN Messenger but is actually another password stealing Trojan. You must avoid opening or clicking on images contained in any message that may have the subject line: “Video Exclusivo Desastre Santa Catarina!”.

Have you seen this message in your inbox? Did you end up clicking on the image within the email? We hope not!