Olympics 2008 - The Malware Events are underway

Posted Monday, August 11, 2008 1:57 PM by hwaldron

As many security sites have noted over the weekend, the bad guys have been taking advantage of this special sporting event. It is important to stay safe during the next two weeks by following best practices for email, web browsing, instant messaging, e-commerce, etc. As reflected below, there are a number of "malware events" underway, and here's hoping the participants will not earn any medals for these malicious acts.

A parallel Olympics for malware started today
http://www.avertlabs.com/research/blog/index.php/2008/08/08/a-parellel-olympics-for-malware-started-today/

QUOTE: With all the press coverage the Beijing Olympics is currently receiving, it doesn’t surprise us that malware authors are using it as a way of spreading their parasites. Today around the time of the opening ceremony we received a sample in the Aylesbury research lab, which proclaimed to be a set of images which showed the amazing architectural feats of the venues. While viewing the slideshow your machine would be infected by a classic BackDoor-CKB.

Scammers Try Their Luck (Again) on The Olympics
http://blog.trendmicro.com/scammers-try-their-luck-again-on-the-olympics/

QUOTE: With the Beijing Olympics now in full swing, you can bet that all the usual suspects will be trying hard to part users from their hard-earned money. It’s not just scammers; phishers are having a go at it as well. Users should keep this in mind: if it’s too good to be true, it probably is.

MORE EXAMPLES OF EARLIER ATTACKS
http://blog.trendmicro.com/you-just-won-the-beijing-2008-olympics-lotto/
http://blog.trendmicro.com/roswell-victims-spill-beans-on-the-beijing-olympics/
http://blog.trendmicro.com/let-the-games-begin/

Buyer Beware - Scam Olympic Ticketing Sites About
https://forums.symantec.com/syment/blog/article?blog.id=online_fraud&thread.id=93

QUOTE: A timely warning to those wishing to purchase last minute tickets for the Beijing Olympic Games of 2008 to beware of scams and rip offs. There are some fake but very well crafted ticketing Web sites that have been duping unsuspecting members of the public out of their hard earned cash by posing as legitimate suppliers for Olympic events. In particular, one such scam site has, according to media reports, already ripped off many individuals, some to the tune of US $57,000.


SQL Injection Attacks Targeting Chinese-oriented Sites
http://www.f-secure.com/weblog/archives/00001482.html

QUOTE: With all the attention on China these days, especially in conjunction with the Beijing 2008 Olympics Games, and with ‘China’ being one of the more popular search engine keywords at the moment, it makes sense for malware writers to focus their attention on the Chinese web – and we’ve been seeing some interesting examples of SQL injection attacks specifically targeting websites designed for a Chinese audience, whether from the mainland or overseas.

ISC: Olympic Clicks
http://isc.sans.org/diary.html?storyid=4837

QUOTE: With the Olympics starting tomorrow our users are going to start receiving themed emails with something extra. They will start receiving emails similar to the cnn.com top ten emails Daniel wrote about, but also messages from “news services”, storm with Olympic themed subjects, messages from Visa as Olympic sponsor, etc. They will all ask the recipient to click. So it is probably a good idea to remind your users of the dangers of the almighty click.

==========================================
 

GREAT ADVICE FROM ISC, from the "Olympic Clicks" article above

Don’t click any links when:

* The email was sent by someone you do not know.
* The email was sent by someone you might know, but whose name and email address do not match. e.g. sender: John Smith <Shjdyu@yahoo.com> or Albert Einstein <stacyB@hotmail.com>
* If the email asks you to click a link to “verify” personal details. e.g. “please click the link below to verify your account details”.
* The link looks funny. e.g. http://123.123.123.123/dhjeuaUhskw/special_surprise or www.not-quite-the-banks-name.com
* the web page says you have “won a laptop, click here to claim”, “a /spyware, click here to download a program to fix it”, “been selected as our lucky winner for .....”
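
For mail administrators who want to pre-screen messages, the sketch below turns the mechanical parts of the checklist above into header and body checks. It is an added example, not code from this post or from ISC; the rule names, regular expressions and sample messages are constructed for illustration, and the lookalike-domain case (www.not-quite-the-banks-name.com) is not covered because it needs a list of the real domains to compare against.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
VERIFY_RE = re.compile(r"\bverify\b.{0,40}\b(?:account|details|password)\b", re.I | re.S)
LURE_RE = re.compile(r"you have won|lucky winner|click here to (?:claim|download)", re.I)

def name_mismatch(from_header):
    """True when no word of the display name appears in the address local part."""
    name, addr = parseaddr(from_header)
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) > 2]
    local = addr.split("@")[0].lower()
    # Heuristic only: nicknames and role mailboxes will also trip it.
    return bool(words and local) and not any(w in local for w in words)

def ip_literal_links(text):
    """Return links whose host is a bare IP address instead of a domain name."""
    hits = []
    for raw in URL_RE.findall(text):
        try:
            host = urlparse(raw if "://" in raw else "http://" + raw).hostname or ""
            ipaddress.ip_address(host)
            hits.append(raw)
        except ValueError:  # not an IP literal, or an unparseable URL
            pass
    return hits

def triage(raw_message):
    """Return the checklist rules tripped by a plain-text RFC 822 message."""
    msg = message_from_string(raw_message)
    # Transfer encodings (base64, quoted-printable) are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    checks = [
        ("sender-name-mismatch", name_mismatch(msg.get("From", ""))),
        ("verify-details-request", bool(VERIFY_RE.search(body))),
        ("ip-literal-link", bool(ip_literal_links(body))),
        ("prize-or-fix-lure", bool(LURE_RE.search(body))),
    ]
    return [rule for rule, tripped in checks if tripped]

# Constructed sample messages built from the examples in the checklist.
SUSPICIOUS = ("From: John Smith <Shjdyu@yahoo.com>\nSubject: Medal table\n\n"
              "Please click the link below to verify your account details:\n"
              "http://123.123.123.123/dhjeuaUhskw/special_surprise\n")
BENIGN = ("From: John Smith <john.smith@example.com>\nSubject: Lunch\n\n"
          "Agenda is at https://www.example.com/agenda\n")

if __name__ == "__main__":
    print(triage(SUSPICIOUS), triage(BENIGN))
```

A hit is a reason to quarantine or tag a message for review, not proof of malice; the sender-name rule in particular will flag legitimate mail from people who use nicknames.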
