NFL Kickoff weekend and another Dorf malware campaign

Filed Under: Malware, SophosLabs, Spam

For the third year in a row 16 games of the NFL American football kick-off weekend were sold out in advance. With the great popularity of the sport and its first seasonal weekend, it is perhaps not surprising that the writers of Mal/Dorf family are using NFL to entice users into visiting infected web pages and infecting their own computers.

A new Mal/Dorf campaign we saw with the beginning of the weekend uses several subjects related to the start of the American football season:

Are you ready for football season?
Free NFL Game Tracker
Football Season Is Here!
Do you have your NFL Game List?
Football Fan Essentials
FOOTBALL! Are You ready?
Get Your Free NFL Game Tracker
NFL Season Is Here!

A URL in the email message points to the IP address of an infected host with malware serving a fake NFL Tracker page.

NFL Kickoff-weekend and Dorf malware campaign

It is interesting that the game result displayed in the page is the actual result of the first NFL game held last Thursday which shows that the campaign was well researched. This time the HTML page does not attempt to silently install malware in the background like previous Dorf campaigns. However all URLs in the page link to a malicious file tracker.exe. Despite another change in the Dorf campaign, users of Sophos anti-spam and anti-virus software are protected against Dorf NFL related email messages (detected as spam) and against malicious files hosted on infected computers (proactively detected as Mal/Dorf-D).

You might like

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.