Cyber-criminals are using the Olympics to put malware on the podium, hijacking legitimate Olympic coverage and content so as to infect those involved with the Beijing Games and its fans, according to security experts.
Olympic fans reading the Agence-France Presse (AFP) coverage on the New Delhi Television Limited (NDTV) Web site were exposed to malware after the site fell prey to a SQL injection attack.
Athletic organizations around the world have also been hit with a legitimate-looking, targeted phishing scam.
A Google search reveals a Web page altered by SQL-injection.
Experts in the computer security community have been warning the Olympic Games would be a prime target for cyber-crooks looking to spread malware.
Now those predictions seem to be coming true, according to Graham Cluley, senior technology consultant at U.K.-based Sophos PLC.
“Hackers are especially keen to hit high-traffic pages of the Internet as it increases their potential pool of victims” he says on his blog. “These pages are likely to be getting a lot of visits at the moment as the world is following the Olympic Games closely.”
Security experts say AFP isn’t to blame for the NDTV Web site getting infected.
“Poor coding in this environment can leave a site susceptible to an SQL injection,” says Paul Baccas, a Sophos security analyst. “What I believe happened is this news site setup a machine to syndicate news from AFP and forgot about it.”
Baccas first identified Olympics-content related attacks on his blog.
SQL Injection attacks are a direct insertion of code into a place where a user inputs information. That gives hackers an opportunity to inject SQL commands that are executed blindly by the server. Visitors to the Web site are then re-directed to malware-infested Web locations without even noticing the change.
In addition to being difficult to detect by Web administrators, SQL injection means hackers can use legitimate sites to infect more Web users than ever before.
It’s being done by cyber-criminals looking to make money, says Brian Bourne, president of CMS Consulting in Toronto.
“Any site carrying content from the Olympics is going to be popular, so hackers will get a better return on their investment,” the security expert says. “The incentive is typically financial.”
Hackers also executed a very targeted phishing scam in the days leading up to the opening Olympics ceremony.
Malware was being distributed via fraudulent – but legit-looking –
e-mails supposedly being sent by the International Olympic Committee to sporting organizations of participating nations, according to a report from New York-based Web security vendor MessageLabs.
A total of 19 different e-mail domains were targeted by 57 e-mail messages, says the report. The malicious package was hidden inside a PDF file attached to the e-mail. Users who opened the attachment were exposed to an executable file, and the malware then began mining for confidential information.
“As the e-mail and its attachment appeared legitimate to many recipients, it was subsequently innocently forwarded to other news and sporting organizations,” the report says.
As hackers continue to target highly-popular events such as the Olympics to boost infection rates, Web site administrators must start taking note, Bourne says. Too many administrators are willing to roll the dice, choosing to save money on security measures by taking the risk their site will become infected.
“If a company feels there is a low chance its Web site will be targeted, it will focus on other IT projects instead,” he says.
But there are free tools and lots of free advice available for those interested in preventing the problem. See a collection of tips and tricks recommended by Bourne and others in this past ITBusiness.ca story: “How to not have your Web site hacked like Sony’s“.
Meanwhile, Bourne also has a novel suggestion for those Olympic fans who want to surf the Web safely: try doing all your browsing from a virtual machine. You can set one up for free with software like Microsoft’s Virtual PC.
“The virtual machine might get infected, but as soon as you close it and discard the changes, it’s gone,” he says. “You could go to a Web site and let the malware run, then see how much it messes up the machine before clearing it out with the click of a button.”
The expendable virtual machines can be set up by those with a minimum of tech-savvy, Bourne adds. Everyone should also run an anti-virus program and keep it up-to-date.