Olympic Games Attracting Malware Writers
Along with the upcoming Vancouver 2010 Winter Games come cyber criminals using the event to spread malware and stage targeted attacks. MessageLabs Intelligence research offers two examples to be on the lookout for:
An email with the subject “Information and resources to help you travel during the Vancouver 2010 Winter Games. TravelSmart 2010.htm”, which includes legitimate links to genuine sites. However, the company says a hidden iframe embedded in the email itself can be used to drop almost anything on the victim’s computer.
MessageLabs Intelligence also detected an Olympic-themed targeted attack with the subject “How to make Olympics more interesting.” While the body of the email is simple, there is an attached presentation program file that is malicious and attempts to use an exploit to install malware on the target machine.
“We have seen three instances of this attack so far in February, which is a very small number in terms of global malware, but by its nature it is not designed to be widespread,” explains Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services. “As a targeted attack, it is meant to attempt to gain access to a small number of specific users’ machines. If just one gets through, the damage to the victim could be substantial.”
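The first lure above depends on an iframe the recipient never sees, which a mail filter can look for directly. The following is an added example, not MessageLabs or Symantec detection logic: it parses a message, walks its HTML body parts and .htm/.html attachments, and reports iframes hidden by size, attribute or inline style. The heuristics, the names `IframeFinder` and `hidden_iframes`, and the sample message are assumptions made for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Inline styles that hide an element (heuristic set chosen for this example).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeFinder(HTMLParser):
    """Collects (src, reason) for each iframe the reader would not see."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        if "hidden" in a:
            reason = "hidden attribute"
        elif a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reason = "zero or one pixel size"
        elif HIDDEN_STYLE.search(a.get("style", "")):
            reason = "hidden by inline style"
        else:
            return  # visibly sized iframe: not reported
        self.hits.append((a.get("src", ""), reason))

def hidden_iframes(raw_message):
    """Scan HTML body parts and .htm/.html attachments of one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = IframeFinder()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            body = part.get_content()  # str for text parts, bytes otherwise
            finder.feed(body.decode("utf-8", "replace") if isinstance(body, bytes) else body)
    return finder.hits

# Constructed sample message; the subject and URLs are placeholders.
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<p>Travel information: <a href="http://example.com/travel">details</a></p>
<iframe src="http://example.net/x" width="0" height="0"></iframe>
<iframe src="http://example.com/map" width="400" height="300"></iframe>
"""
print(hidden_iframes(SAMPLE))
```

A hit is a reason to quarantine or strip the element rather than proof of malice, since some legitimate mail templates also embed invisible frames.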
To avoid becoming a victim during the 2010 Games, Symantec recommends the following best practices:
- Purchase official Olympic tickets—When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first-come, first-served basis.
- If it sounds too good to be true, it probably is—Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
- Use caution when clicking links from within emails or IM messages—Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full Web site URL, such as http://www.YouTube.com, into your Web browser.
- Never fill out forms in messages—Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.