BLOG: Spammers sprint for Olympic Gold

Tan Yuh Woei | Aug. 23, 2012
Some threats and scams from the 2012 London Olympics

As you read this, the 2012 London Olympics have successfully closed. The pomp and ceremony united an unprecedented global audience. With spirits running high, however, we also saw the expected spike in cyber criminals trying to capitalise on the consumer frenzy. Attackers attempted to take advantage of people's interest in the events, launching a variety of attacks and scams with Olympic-based themes.

Similar sporting-themed attacks took place during the 2008 Olympics in Beijing and during the 2010 World Cup in South Africa, so this is not a new phenomenon, but the social engineering employed in many of these attacks may be unfamiliar to a new audience. For the most part, there may only be a few differences in the attacks; for example, spammers began their Olympic campaigns quite early, sending out their first spam runs back in March 2011. Attackers also tailored their attacks towards mobile devices and social networks.

Some of the Olympic-related threats and scams seen during this period include:

Twitter bots: Attackers actively used Olympic-related trending topics on Twitter throughout the Games in order to entice people to click on malicious links. The Tweets appeared to be generated by bots, with poorly constructed, ambiguous sentences.

The shortened URLs within the tweets led to fake pages that appeared to cover a variety of topics, including business strategy tips and health-related themes. The real purpose of these sites, however, was to spread malware. An attack toolkit was set up on the back end of the pages that attempted to install trojan back doors or fake security software on vulnerable computers that visited these websites. The attack would've played out in a manner similar to this video.

The accounts were generally created the day the Tweets were sent, rarely had any followers, and rapidly posted a few Tweets each minute using a wide variety of hash tags linked to trending topics. Twitter was quick to identify these accounts and suspend them within a few hours of their creation.

Fake Olympic scandals: There were also a few instances of spammers attempting to trick users into downloading malware. One such recently encountered spam e-mail hinted at a doping scandal, and included a link to a website that mimicked YouTube. The video in question purported to be about the supposed scandal, but instead of playing the video, the link told the user to install a new version of Flash Player. If the user clicked OK and ran the executable, they infected their computer with a trojan. This threat contacted a large list of malicious domains, attempting to download further malware, thus opening the computer to a variety of threats.

Android malware: Android.Opfake is malware written for Android devices that masquerades as various apps and content, including an installer for the Opera Web browser and a pornographic movie, and requires the user to pay for them. It demands payment for the app or content through Short Message Service (SMS) messages. The attackers behind Android.Opfake bundled their threat with a copy of a legitimate Olympics application. The legitimate app, a game promoting some of the more popular Olympic sports, was copied and repackaged with the trojan and then distributed on a Russian Android app marketplace. If installed, the trojan sent premium-rate SMS messages from the compromised device, leading to profits for the attackers and an increased mobile phone bill for the user.
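The account traits listed under "Twitter bots" above (created the same day, almost no followers, several Tweets a minute, many different hash tags, a shortened URL in each Tweet) can be combined into a simple triage rule. The following Python sketch is an added example, not code from the article or from Twitter; the thresholds, field names and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration, not values from the article.
MAX_FOLLOWERS = 5        # "rarely had any followers"
MIN_RATE_PER_MIN = 2.0   # "a few Tweets each minute"
MIN_DISTINCT_TAGS = 5    # "a wide variety of hash tags"

def score_account(account, tweets):
    """Return (flagged, reasons) for one account and its tweets."""
    reasons = []
    if not tweets:
        return False, reasons
    times = sorted(t["time"] for t in tweets)
    if account["created"].date() == times[0].date():
        reasons.append("created_same_day")
    if account["followers"] <= MAX_FOLLOWERS:
        reasons.append("few_followers")
    # Posting rate over the active window, floored at one minute so a
    # single tweet does not produce an infinite rate.
    window_min = max((times[-1] - times[0]).total_seconds() / 60.0, 1.0)
    if len(tweets) / window_min >= MIN_RATE_PER_MIN:
        reasons.append("high_post_rate")
    tags = {h.lower() for t in tweets for h in t["hashtags"]}
    if len(tags) >= MIN_DISTINCT_TAGS:
        reasons.append("many_hashtags")
    if all(t["has_short_url"] for t in tweets):
        reasons.append("every_tweet_has_short_url")
    # Any single trait is common among ordinary users, so require
    # at least four of the five to agree before flagging.
    return len(reasons) >= 4, reasons

def sample_accounts():
    """Constructed sample data: one bot-like account and two ordinary ones."""
    t0 = datetime(2012, 8, 1, 14, 0)
    tags = ["#London2012", "#Olympics", "#TeamGB", "#Gold", "#Bolt", "#Phelps"]
    bot = {"created": t0 - timedelta(minutes=20), "followers": 0}
    bot_tweets = [{"time": t0 + timedelta(seconds=20 * i),
                   "hashtags": [tags[i % 6], tags[(i + 1) % 6]],
                   "has_short_url": True} for i in range(12)]
    fan = {"created": datetime(2010, 3, 5), "followers": 240}
    fan_tweets = [{"time": t0 + timedelta(minutes=30 * i),
                   "hashtags": ["#London2012"],
                   "has_short_url": False} for i in range(4)]
    newcomer = {"created": t0 - timedelta(hours=1), "followers": 1}
    new_tweets = [{"time": t0, "hashtags": ["#London2012"], "has_short_url": False}]
    return {"bot": (bot, bot_tweets), "fan": (fan, fan_tweets),
            "newcomer": (newcomer, new_tweets)}
```

The newcomer record shows why the rule needs several traits at once: a genuine first-day user matches two of them and is still not flagged.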
