By Paul Wood, Cyber Security Intelligence Manager, Symantec
The Olympics are an exciting time when our national pride is at an all-time high. I’m sure that most of us find ourselves constantly refreshing scores and medal standings online. But, as with other major sporting events, including the soccer World Cup in 2010, we’ve seen attackers attempt to take advantage of people’s interest in the events, and recently they’ve launched a variety of attacks and scams with Olympic-based themes.
Attackers have been actively using Olympic-related trending topics on Twitter in order to entice people to click on malicious links. The Tweets appear to be generated by bots, with poorly constructed, ambiguous sentences.
The shortened URL leads to a fake page whose real purpose is to spread malware. An attack toolkit is set up on the back end of the pages and will attempt to install Trojan back doors or fake security software on vulnerable computers that visit these Web sites. The accounts themselves are generally created the day the Tweets are sent, rarely have any followers, and rapidly post a few Tweets each minute using a wide variety of hashtags linked to trending topics. Twitter has been quick to identify these accounts and suspend them, generally within a few hours of their creation.
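The account traits described above can be combined into a simple triage check. The following is an added example, not code from Symantec or Twitter; the thresholds, the shortener host list, the record layout and the sample accounts are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Thresholds and the shortener list are illustrative assumptions, not report values.
MAX_ACCOUNT_AGE = timedelta(days=1)  # created the day the Tweets are sent
MAX_FOLLOWERS = 5                    # rarely any followers
MIN_TWEETS_PER_MINUTE = 2.0          # a few Tweets each minute
MIN_DISTINCT_HASHTAGS = 6            # wide variety of hashtags
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}

def matched_signals(account, tweets):
    """Return the names of the campaign traits this account exhibits."""
    if not tweets:
        return []
    signals = []
    times = sorted(t["time"] for t in tweets)
    if times[0] - account["created"] <= MAX_ACCOUNT_AGE:
        signals.append("new_account")
    if account["followers"] <= MAX_FOLLOWERS:
        signals.append("no_followers")
    # Floor the window at one minute so a single Tweet is not a "burst".
    minutes = max((times[-1] - times[0]).total_seconds() / 60, 1.0)
    if len(tweets) / minutes >= MIN_TWEETS_PER_MINUTE:
        signals.append("burst_posting")
    tags = {h.lower() for t in tweets for h in t["hashtags"]}
    if len(tags) >= MIN_DISTINCT_HASHTAGS:
        signals.append("hashtag_spray")
    if all(any(urlparse(u).hostname in SHORTENER_HOSTS for u in t["urls"])
           for t in tweets):
        signals.append("shortened_links")
    return signals

def is_suspect(account, tweets, needed=4):
    """Require several traits together; any one alone is common and benign."""
    return len(matched_signals(account, tweets)) >= needed

# Constructed sample data (not real accounts or links).
T0 = datetime(2012, 7, 30, 9, 30)
BOT = {"created": datetime(2012, 7, 30, 9, 0), "followers": 0}
BOT_TWEETS = [{"time": T0 + timedelta(seconds=20 * i),
               "hashtags": [f"#trend{2 * i}", f"#trend{2 * i + 1}"],
               "urls": [f"http://bit.ly/example{i}"]} for i in range(6)]
FAN = {"created": datetime(2010, 3, 1), "followers": 180}
FAN_TWEETS = [{"time": T0 + timedelta(hours=i), "hashtags": ["#London2012"],
               "urls": ["http://bit.ly/example9"] if i == 0 else []}
              for i in range(3)]

if __name__ == "__main__":
    print(matched_signals(BOT, BOT_TWEETS), is_suspect(BOT, BOT_TWEETS))
    print(matched_signals(FAN, FAN_TWEETS), is_suspect(FAN, FAN_TWEETS))
```

Requiring several traits at once keeps ordinary fans, who also use trending hashtags and shortened links, out of the result set.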
Fake Olympic scandals
Who wouldn’t be enticed to watch a video that hints at an Olympic doping scandal? We’ve monitored spammers attempting to trick users into downloading malware by using the fake scandal ruse. The user is sent to a website that mimics YouTube and the video in question purports to be about the supposed scandal, but instead of playing the video, it tells the user to install a new version of Flash Player. If the user clicks OK and runs the executable, they will infect the computer with a Trojan. This threat contacts a large list of malicious domains, attempting to download further malware, thus opening the computer to a variety of threats.
Symantec has also monitored spam and phishing attacks that offer free gifts related to the Olympics. For example, the phishers masqueraded as a credit card company promotion and created an eye-catching phishing site. The phishing pages, hosted in Brazil, included several fake offers such as “Win Free Trips to the 2012 Summer Olympics in London!” and “Participate and win laptops, cameras and many great prizes.” In order to ‘win’, customers are asked to provide confidential information including full name, email address and password, date of birth, credit card number, name on card, and security code.
- Do not click on suspicious links in email messages
- Never enter personal information in a pop-up page or screen
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate. Look for a padlock, ‘https’, or a green address bar
- Frequently update your security software, which can protect you from online phishing
Other highlights from the Symantec Intelligence Report: July 2012
- Spam – 67.9 percent of total email in Canada (a global increase of 0.8 percentage point since June 2012)
- Phishing – One in 244.9 332 emails identified as phishing in Canada (a global decrease of 0.003 percentage points since June 2012)
- Malware – One in 275 271.3 emails contained malware (a decrease of 0.023 percentage points since June 2012)