As the 2010 Winter Olympics kick off in Vancouver, the games are on everyone’s radar, including the cybercriminals who are looking to capitalize on this world event to spread malware and stage a few targeted attacks.
Spam campaigns featuring breaking news stories filter through to in-boxes faster than ever before, as automated scripts scrape headlines and the text of news stories from hundreds of Web sites. This year, cybercriminals are taking their attacks one step further, sending sinister emails using the Olympics as a guise to distribute malicious content in highly specialized, targeted attacks.
One example of Olympic-themed malware is an email with the subject, “Information and resources to help you travel during the Vancouver 2010 Winter Games. TravelSmart 2010.htm,” as in the sample below.
Recipients of this type of email need to be particularly careful, as all the links within the email are legitimate links to genuine sites, which is why it can often escape AV detection. A hidden iframe embedded in the email itself is particularly dangerous, as it can be used to drop almost anything onto the victim’s computer, including malicious content.
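A minimal detection check for the hidden-iframe technique described above, as an added example that is not from the original article. The sample message, its hostnames and the names `IframeFinder` and `scan_message` are constructed for illustration, and the hiding heuristics (zero or one pixel size, `display:none`, `visibility:hidden`, the `hidden` attribute) are assumptions about how such a frame is concealed.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Assumed concealment markers; real filters would use a broader set.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_CSS = re.compile(r"(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

def _is_tiny(value):
    """True for a width/height attribute of 0 or 1, with optional 'px'."""
    return value is not None and re.fullmatch(r"\s*[01]\s*(px)?\s*", value, re.I) is not None

class IframeFinder(HTMLParser):
    """Collects the src of every iframe the reader would never see."""
    def __init__(self):
        super().__init__()
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        if (_is_tiny(a.get("width")) or _is_tiny(a.get("height")) or "hidden" in a
                or HIDDEN_STYLE.search(style) or TINY_CSS.search(style)):
            self.hidden.append(a.get("src", ""))

def scan_message(raw):
    """Return (part name, iframe src) for hidden iframes in HTML bodies or .htm attachments."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename() or part.get_content_type()
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not is_html or payload is None:
            continue
        finder = IframeFinder()
        finder.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        findings += [(name, src) for src in finder.hidden]
    return findings

# Constructed sample: one legitimate link, one invisible frame, one visible frame.
SAMPLE = """\
From: sender@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.example.com/travel">Travel information</a>
<iframe src="http://unrelated.example.invalid/" width="0" height="0"></iframe>
<iframe src="https://www.example.com/map" width="600" height="400"></iframe>
</body></html>
"""
print(scan_message(SAMPLE))
```

Because the check looks at frame visibility rather than link reputation, it flags the message even though its visible link points to a legitimate site.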
MessageLabs Intelligence has also intercepted Olympic-themed targeted attacks with the subject, “How to make Olympics more interesting?”
While the body of the email is simple, there is an attached presentation program file which is malicious and attempts to use an exploit to install malware on the target machine.
The volume of these targeted attacks is very small in terms of global malware, as by its nature, the attack is not designed to be widespread. As a targeted attack, it is meant to attempt to gain access to a small number of specific users’ machines.
Through sophisticated social engineering techniques, cybercriminals harvest personal information that enables them to tailor each message for the intended recipient, boosting the chances for the email to be read. If just one gets through, the damage to the victim could be substantial.
To avoid becoming a victim of cybercrime during the 2010 Games, follow these best practices:
- Purchasing Official Olympic Tickets — When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first-come, first-served basis.
- If it sounds too good to be true, it probably is — Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
- Use caution when clicking links from within emails or IM messages — Links can contain viruses or Trojans, or lead users to infected Web sites. Never click a link in a suspicious email. Instead, make it a habit to type the full Web site URL, such as “www.YouTube.com,” into your Web browser.
- Never fill out forms in messages — Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
- Update your computer — Have a hacker-free Olympic experience by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
Using newsworthy events in spam campaigns and leveraging social engineering are two of the primary attack vectors being used today, and the number of attempted attacks using both techniques is sure to increase in 2010. Cybercriminals continuously develop new and increasingly sophisticated ways to fool people into reading their emails, clicking on malicious links, visiting compromised Web sites and divulging sensitive information.
Taking a few simple precautions before accessing unknown online content is important for keeping your computer and personal information safe. Above all else, be aware of the risks, trust your instincts, and exercise caution online. Keeping your online identity safe is the best way to win the gold.
Paul Wood is a senior analyst for MessageLabs Intelligence, Symantec Hosted Services.