English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Carolina Dieckmann, Brazilian cybercrime legislation and la “Viveza criolla”

0.2
 

    Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property - nude pictures of her- from her computer. Many pictures or maybe all of them got leaked to the Internet. This incident has served as a good incentive for the Brazilian government to have new cybercrime laws in the country (the current law to fight cybercrime in Brazil was approved back in the 40’s of XX century). As a result of this incident, a new cybercrime law that carries a punishment of up to 2 years in prison for such crimes has finally been proposed for consideration. This is a good and right move! A press article in Portuguese can be read here.

Now, I will mention some of the attacks used by cybercriminals under these perfect circumstances and link them with the mentality of Brazilian cybercriminals. Basically, they it want all and they want it for free.
We have registered malware attacks via Email leading to specially registered domains with fake certificates and Java applets installing malicious code:

We also found malware attacks spreading via File sharing services claiming to be that secret package of pictures leaked to the press:

All malware is of course financially targeted, stealing logins from banks and also credentials from some email providers.

Another interesting malicious activity related to this campaign is related to the abuse of the Dropbox service. Dropbox offers extra space for each referral. So what cybercriminals do is make Youtube videos with instructions on how to acquire the leaked nude pictures of Carolina providing a short Google URL leading to a sign up page first.

The video first explains that you have to sign up and only then will you get the pictures. After signing up, the installation of the official Dropbox app is required. This way the criminal behind the video gets more and more extra space from each victim for free. But the extra space is not the only advantage here.
The second and most important benefit is to keep in touch with the victims via a pre-shared dropbox folder which is supposed to be used for Carolina´s nude pictures. The criminal will always be able to put any content into that folder, including malware, and instantly all of his new referrals (victims) will get a pop-up update via the Dropbox app and for sure they will click on it.

So far, there are 320 clicks on the short malicious URL and most of them are from Brazil using Windows and Google Chrome as the most typical setup:

In conclusion, Brazilian cybercriminals have been always good in “Viveza criolla” or "Jeitinho brasileiro". This is actually the main trick they use in most of their attacks.

I’m really sorry about what happened to Carolina. Nobody would like to get personal data leaked! At the same time, I´m glad a new initiative is taking place in Brazil and hope that this country will have a proper modern legislation to fight cybercrime very soon.

3 comments

Oldest first
Threaded view
 

Tiago R. Zacchello

2012 May 17, 06:39
0
 

Fake certificate

Hello, Dmitry
May you explain more about ciber criminals using fake certificates?
I mean, what kind of certificate is it?

Reply    

Dmitry Bestuzhev

2012 May 19, 17:06
0
 

Re: Fake certificate

Hye Tiago.

Thanks for the question, please let´s talk via DM on Twitter. My twitter is @dimitribest

Reply    

This comment was deleted by Mário Madrigrano, 2012 Aug 11, 21:18

Dmitry Bestuzhev

2012 May 19, 20:17
0
 

Re: Cybercrime in Brazil.

Hello Mario,

Thank you for the input and your opinion. I sincerely hope Brazilian government approves soon the new legislation to fight effectively cybercrime.
From our side we will keep working on bringing best protection against new malware and techniques cybercriminals may use.

Thank you again.

Reply    
If you would like to comment on this article you must first
login


Bookmark and Share
Share

Analysis

Blog