World Cup Web Activity Causing More Malware Distribution, Cisco Reports

 
 
By Chris Preimesberger  |  Posted 2010-06-18
 
 
 

As one might expect, as the world's legitimate Web traffic increases, so do instances of spam e-mail, Internet-borne malware and general hacker activity. When special or unusual events happen -- such as the current Gulf oil spill or the FIFA World Cup soccer tournament in South Africa -- communications traffic of all kinds skyrockets. This includes text messaging, e-mail, Web searches, cell phone usage, television and Web streaming video, among others.

Cisco's ScanSafe SAAS Web security service reported June 18 that after a week of World Cup activities, global Web traffic is up by an average of 27 percent during World Cup matches.

Japan noted the highest increase (53 percent), followed by the U.K. (37 percent), Germany (32 percent), Australia (20 percent) and Singapore (9 percent).

In the United States, the increase worked out to about 8 percent -- lower because soccer isn't the overwhelming phenomenon here that it is worldwide.

A common scam going around is an unsolicited e-mail landing in mailboxes with the words "World Cup" in the subject line and offering a link to free video streaming of the matches. Virtually all of these are spam mails designed to get people to click on the links, which deliver no video streaming but certainly identify that particular PC as a live one ready to be added to a botnet.

"The malware that's going around is crafted pretty much the same as you'll find on any regular day," Mark Guntrip, a product manager with Cisco's ScanSafe SAAS Web security service, told eWEEK. "It's just that they're packaging it differently -- making a PDF look like a World Cup-themed PDF."

Another difference in this case is that targeted Web locations -- especially those dealing with World Cup news and other attractions -- are going to become candidates for infected ads, Guntrip said.

"For example, if you know there are going to be lots of people going to streaming Websites to download software to watch the matches, that if you can infect or create adverts that are going to get placed on that domain, then that's a great place [to harvest] users," Guntrip said.

"You've got the person [Web user] there, and there are lots of people interested in the World Cup matches; if you can get the person to click on the advert that's about the World Cup to the right of that screen, then you have the perfect storm for these guys [hackers]."

Cisco ScanSafe also reported that there have been a small number of Websites offering free downloads of the World Cup tournament wall chart. The malware was residing on the advertisements on the Web page, offering fake audio-visual software, Cisco said.

Malicious activity will increase over time

Guntrip said that Web traffic and corresponding malware distribution will increase as the World Cup goes on during the next few weeks.

"Often, the user will never know exactly what happened to his or her computer, after falling into an e-mail or Website trap," Guntrip said. 

"They won't get the video streaming of the game or games they want to watch, and they'll just think the site didn't work for some reason. They'll hope nothing happened to their computer. Actually, they're being set up for some future botnet attack because they've been infected and don't know it."

The standard remedy for this kind of malware has been the same since the Internet came into common use in the mid-1990s: Do not open an e-mail and click on anything inside it if you are unsure of its origin. This goes for links, PDFs with links, and .exe files.

"Most corporate users are aware of .exe files and how dangerous they can be," Guntrip said. "But there are still a lot of home users around the world who get caught in that trap, too."
