By Fahmida Y. Rashid
Cyber-criminals are using the upcoming summer Olympic Games in London as bait to lure unsuspecting Internet users to their malicious websites and scams.
The Department of Homeland Security laid out the many threats to the Olympic Games in a detailed warning last week. DHS warned about politically-motivated attempts to disrupt the Games that may use physical methods or cyber-attacks, such as defacing websites and distributed-denial-of-service attacks. The warning also devoted a section to potential spear phishing attacks aimed at stealing information, as well as malware and spam designed to divert Internet users to malicious sites.
Internet users need to beware of social engineering scams, malware redirects, poisoned search results using blackhat search engine optimization (SEO) techniques, and regular scams, DHS warned. The DHS is also worried about the potential of malicious mobile apps masquerading as Olympic-related applications.
Let the 2012 London Malware Olympics Begin!
The 2012 Summer Olympics are scheduled to begin in London on July 27, and phishing and scam attacks offering tickets have already begun circulating, said the DHS. The attacks are designed to trick users into handing over personal information and credit card information. Cyber-criminals have also begun sending out malicious attachments, one of which exploits an older stack buffer overflow vulnerability to download additional malware, the DHS warned.
Users should be “wary of Olympic (and any other current event) themed emails that have attachments and/or links,” F-Secure wrote in a recent blog post.
Researchers at F-Secure discovered a specially crafted PDF file masquerading as a copy of the London 2012 Olympics schedule. The schedule itself is legitimate, as the original file is still on the official London Olympics page. However, once this file is opened, it exploits a two-year-old vulnerability (CVE-2010-2883) in older versions of Adobe Reader and Acrobat. The PDF file acts as a dropper, downloading other executables onto the compromised computer to launch other attacks.
Considering that the vulnerability was patched a long time ago by Adobe, users should be safe, right? Not quite, since end users and administrators don’t always keep up with the latest versions of software. Criminals often rely on exploits targeting older vulnerabilities because they know there are enough potential victims out there who haven’t patched the flaws.
“If you don’t already have the current version of Adobe Reader, you really should go get it now,” F-Secure researchers wrote in the blog post.
Cyber-criminals can also create malicious sites to distribute fake antivirus and other types of rogueware. They employ SEO tricks to ensure these sites appear on search result pages for certain keywords, and users are tricked into downloading malicious software. There will also be sites that claim to offer exclusive footage but really use fake videos and codecs to distribute malware.
Since Yahoo was the “top ranked global destination for Olympics coverage for the past three Games,” it is “probable” that criminals will target Yahoo for SEO poisoning for the 2012 Games, according to the DHS.
As F-Secure researchers said, your systems should have the latest software versions and the operating system should be fully patched. Don’t click on links promising deals that you weren’t looking for, and scrutinize links carefully when searching for Olympic-related pages. If you need Olympic-themed apps and software, make sure they are coming from reputable sources.
Criminals targeted the Beijing Olympics some 12 million times a day in 2008, according to the document. “During the 2008 Beijing Olympics, one gang made approximately $3.5 million USD selling fake tickets online to unsuspecting victims,” the DHS warned. Users landed on these fake ticket sites after clicking on a link in a spam message.
The organization running the Olympics is working hard to make sure its systems can sustain attacks from external threats, but you need to protect your own computers and your data.