World Cup Web Activity Causing More Malware Distribution, Cisco Reports

By Chris Preimesberger  |  Posted 2010-06-18

Cisco's ScanSafe SAAS Web security service reported June 18 that, after a week of World Cup activities, global Web traffic is up by an average of 27 percent during World Cup matches. Correspondingly, the distribution of malware is also way up.

As one might expect, as the world's legitimate Web traffic increases, so do instances of spam e-mail, Internet-borne malware and general hacker activity. When special or unusual events happen -- such as the current Gulf oil spill or the FIFA World Cup soccer tournament in South Africa -- communications traffic of all kinds skyrockets. This takes into account text messaging, e-mail, Web searches, cell phone usage, television and Web streaming video, among others.

Cisco's ScanSafe SAAS Web security service reported June 18 that, after a week of World Cup activities, global Web traffic is up by an average of 27 percent during World Cup matches.

Japan noted the highest increase (53 percent), followed by the U.K. (37 percent), Germany (32 percent), Australia (20 percent) and Singapore (9 percent).

In the United States, the increase worked out to about 8 percent -- lower because soccer isn't the overwhelming phenomenon here that it is worldwide.

A common scam going around is an unsolicited e-mail landing in mailboxes with the words "World Cup" in the subject line and offering a link to free video streaming of the matches. Virtually all of these are spam mails designed to get people to click on the links, which deliver no video streaming but certainly identify that particular PC as a live one ready to be added to a botnet.

"The malware that's going around is crafted pretty much the same as you'll find on any regular day," Mark Guntrip, a product manager with Cisco's ScanSafe SAAS Web security service, told eWEEK. "It's just that they're packaging it differently -- making a PDF look like a World Cup-themed PDF."

Another difference in this case is that targeted Web locations -- especially those dealing with World Cup news and other attractions -- are going to become candidates for infected ads, Guntrip said.

"For example, if you know there are going to be lots of people going to streaming Websites to download software to watch the matches, that if you can infect or create adverts that are going to get placed on that domain, then that's a great place [to harvest] users," Guntrip said.

"You've got the person [Web user] there, and there are lots of people interested in the World Cup matches; if you can get the person to click on the advert that's about the World Cup to the right of that screen, then you have the perfect storm for these guys [hackers]."

Cisco ScanSafe also reported that there have been a small number of Websites offering free downloads of the World Cup tournament wall chart. The malware was residing on the advertisements on the Web page, offering fake audio-visual software, Cisco said.

Malicious activity will increase over time

Guntrip said that Web traffic and corresponding malware distribution will increase as the World Cup goes on during the next few weeks.

"Often, the user will never know exactly what happened to his or her computer, after falling into an e-mail or Website trap," Guntrip said. 

"They won't get the video streaming of the game or games they want to watch, and they'll just think the site didn't work for some reason. They'll hope nothing happened to their computer. Actually, they're being set up for some future botnet attack because they've been infected and don't know it."

The standard remedy for this kind of malware has been the same since the Internet came into common use in the mid-1990s: Do not open an e-mail and click on anything inside it if you are unsure of its origin. This goes for links, PDFs with links, and .exe files.

"Most corporate users are aware of .exe files and how dangerous they can be," Guntrip said. "But there are still a lot of home users around the world who get caught in that trap, too."

Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.
