If an event is newsworthy, you can be sure cybercriminals are exploiting it to their own advantage. Cybercriminals have jumped (as expected), on the 2010 Olympic Games which open tomorrow, February 12, 2010, in Vancouver, Canada.
In the continuing battle against cybercriminals, and their attempts to separate unwitting victims from their money, the MessageLabs Intelligence research and response team “have identified emails from cyber criminals attempting to use the Olympics to spread malware and stage targeted attacks”.
First, an email with the subject, “Information and resources to help you travel during the Vancouver 2010 Winter Games. TravelSmart 2010.htm”, which includes legitimate links to genuine sites. But, a hidden iframe embedded in the email itself, can be used to drop almost anything on the victim’s computer.
Second, an Olympic-themed targeted attack with the subject, “How to make Olympics more interesting?” While the body of the email is simple, there is an attached presentation program file which is malicious and attempts to use an exploit to install malware on the target machine.
According to Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services:
“We have seen three instances of this attack so far in February, which is a very small number in terms of global malware, but by its nature it is not designed to be widespread. As a targeted attack it is meant to attempt to gain access to a small number of specific users’ machines. If just one gets through, the damage to the victim could be substantial.”
To avoid becoming a victim during the 2010 Games, Symantec urges you to follow these best practices:
Purchasing Official Olympic Tickets – When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first come, first-served basis.
If it sounds too good to be true, it probably is – Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
Use caution when clicking links from within emails or IM messages – Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full website URL into your Web browser.
Never fill out forms in messages – Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
Update your computer – Have a hacker –free Olympic experience, by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
I’ll go one step further; in dealing with anything having to do with the 2010 Olympics, on the Internet, exercise extreme caution.
About Symantec: Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. More information is available here.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.