Spammed Messages Cash In on London 2012 Olympics
Cybercriminals are known opportunists. They will take advantage of anything newsworthy and craft their schemes around (for example) sporting events like FIFA and the Olympics. As the London 2012 Olympics opening event draws near, we can expect a surge of spammed messages that leverage this event.
Below are some spammed messages we’ve spotted using the 2012 Olympics as bait, one involved an email that says “winning notification”, another message asks for personal details in exchange for a prize, and another that asks users to notify a specific contact person. Users who fall for any of these traps are at risk of having their information stolen or their machines infected with malware. Some spam may even lead to monetary loss.
Prize, Free Tickets in Exchange for Your Information
The first Olympic-related spam we’ve seen is an email that asks for personal information. For users to willingly give these details, the message inform recipients that they won free tickets. However to claim their prizes, users must divulge personal information such as home address/location, marital status, and even occupation. The message also stretches the truth further by informing users they won a big amount of cash prize.
The scammers behind this spam may use the gathered information in their future malicious schemes. They may also sell data to other cybercriminal groups.
Malware Disguised as Prize Notification
We have also encountered several messages supposedly related to London Olympics 2012 that arrive with attachments disguised as “winning notifications” and contain the details of the prize. Curious users who download and open the attachments are actually executing malicious files. Below is a sample email:
In a different spam run, we noticed a message with an attached file that is actually a Trojan (detected as TROJ_ARTIEF.ZIGS) that exploits RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333). Once exploit is successful, the malware drops the backdoor BKDR_CYSXL.A. Based on our analysis, this backdoor connects to remote user who may perform commands onto the infected system. What’s more alarming is that systems infected with backdoors are vulnerable to other threats, which may include malware that steal online banking credentials (passwords, usernames etc.).
Spam Asking Users to Contact Specific People
The third type of spam may look legitimate at first. To look authentic, the messages may spoof well-known entities like Visa and contain contact details of a supposed coordinator or contact person affiliated with the fake promo.
In the message, recipients are instructed to contact the supposed “coordinator” indicated in these messages. Once users send replies to the addresses, they will receive a reply from the scammer with instructions on how to claim their prizes. Eventually, users would be asked to disclose personal information. The scammers behind this threat may ask users for account details or deposit money to specific bank accounts, in order to get their prize.
Why These Spam Remain
These types of scams are nothing new. Some of its previous incarnations include spam claiming to be associated with the Beijing Olympics 2008 and the Torino Winter Games. So why is this still a threat to users? Cybercriminals are still earning money from this threat. Senior Threat Researcher Robert McArdle believes that “…attackers are still using these because these scams are still giving them successful margins. Social engineering has worked for years and there are little signs of that changing.” Thus, so long as users are still falling for this trap, scammers will continue to create new spam runs using events like the London Olympics to make a quick buck.
Trend Micro protects users from this threat via Smart Protection Network™, specifically web reputation service that blocks these messages from even arriving to users’ in-boxes. File reputation service, on the other hand, detects and deletes the related malware.
Users can also prevent these threats by doing some simple checking of emails. They should be wary of these tell-tale signs:
- Sloppy/unprofessional email format
- Obvious grammar mistakes
- Claim of an unbelievable amount of cash prize
For the latest news about the upcoming Olympics and related contests, users should rely on credible news sources/sites. To know more about how to better protect yourself from this threat, you may read our Digital Life e-guide How Social Engineering Works and our FAQ article Sports as Bait: Cybercriminals Play to Win.
Post from: TrendLabs | Malware Blog – by Trend Micro
Spammed Messages Cash In on London 2012 Olympics
Spotlight
Cloud Computing
- HR could play leading part in BYOD success
- US still safest bet among data center destinations
- Commission makes controversial security recommendation
- Government agencies working toward secure procurement
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Workforce mobilization becoming the new normal in healthcare
- Best practices for users to stay secure while virtualizing
- HR could play leading part in BYOD success
- US still safest bet among data center destinations
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet
The comments are closed.