How Cyber Criminals Targeted 2012 Olympics
Cyber criminals are known as opportunists. They will take advantage of anything newsworthy and craft their schemes around (for example) sporting events like FIFA and the Olympics. During the London 2012 Olympics, Trend Micro Researchers have spotted some spammed messages using the 2012 Olympics as bait, one involved an email that says “winning notification”, another message asks for personal details in exchange for a prize, and another that asks users to notify a specific contact person. Users who fall for any of these traps are at risk of having their information stolen or their machines infected with malware. Some spam may even lead to monetary loss.Prize, Free Tickets in Exchange for Your Information
The first Olympic-related spam that was seen was an email that asked for personal information. For users to willingly give these details, the message informs recipients that they won free tickets. However to claim their prizes, users must divulge personal information such as home address/location, marital status, and even occupation. The message also stretches the truth further by informing users they won a big amount of cash prize.
The scammers behind this spam may use the gathered information in their future malicious schemes. They may also sell data to other cybercriminal groups.
Amit Nath Country Manager India and SAARC Trend Micro said "attackers are still using these because these scams are still giving them successful margins. Social engineering has worked for years and there are little signs of that changing.” he further added "so long as users are still falling for this trap, scammers will continue to create new spam runs using events like the London Olympics to make a quick buck".
Malware Disguised as Prize Notification
Trend Micro Researchers have also encountered several messages supposedly related to London Olympics 2012 that arrive with attachments disguised as “winning notifications” and contain the details of the prize. Curious users who download and open the attachments are actually executing malicious files. Below is a sample email:
In a different spam run, researchers noticed a message with an attached file that is actually a Trojan (detected as TROJ_ARTIEF.ZIGS) that exploits RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333). Once exploit is successful, the malware drops the backdoor BKDR_CYSXL.A. Based on our analysis, this backdoor connects to remote user who may perform commands onto the infected system. What’s more alarming is that systems infected with backdoors are vulnerable to other threats, which may include malware that steal online banking credentials (passwords, usernames etc.).
Spam Asking Users to Contact Specific People
The third type of spam may look legitimate at first. To look authentic, the messages may spoof well-known entities like Visa and contain contact details of a supposed coordinator or contact person affiliated with the fake promo.
In the message, recipients are instructed to contact the supposed “coordinator” indicated in these messages. Once users send replies to the addresses, they will receive a reply from the scammer with instructions on how to claim their prizes. Eventually, users would be asked to disclose personal information. The scammers behind this threat may ask users for account details or deposit money to specific bank accounts, in order to get their prize.
Why These Spam Remain
These types of scams are nothing new. Some of its previous incarnations include spam claiming to be associated with the Beijing Olympics 2008 and the Torino Winter Games. So why is this still a threat to users? Cybercriminals are still earning money from this threat. Rather strange, but users still haven't matured to detect such threats and the viruses remain a menace.