As has become routine with almost every major worldwide news event, cyber criminals are already seeking to exploit widespread interest in the ongoing 2010 Olympic Winter Games in Vancouver through a spate of attacks themed on the competition.
Most notably, attackers are hoping to dupe end users looking for video highlights of the Winter Games into visiting poisoned URLs that aim to infect their computers with malware, as highlighted by researchers with SaaS security provider Zscaler.
The campaign uses a Twitter account, “gamesvancouver,” that posts obscured links to Olympic highlights over the social networking service. Those links lead through a browser redirection scheme to a highly accurate counterfeit of the official Games site, which then attempts to infect visiting machines with a Trojan.
The only way to tell the phony site from the real thing is to notice that its domain name is a slight misspelling of the official one, substituting a ‘u’ for the ‘n’ in “Vancouver2010.com.”
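A one-character substitution like this is exactly what a lookalike-domain check can catch. The following is an added example, not code from Zscaler or eWeek: it flags hostnames whose second-level label is within one edit of a protected brand domain. The brand list and sample hostnames are constructed for illustration, and the public-suffix handling is deliberately simplified.

```python
from typing import Iterable, Optional


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two lowercase strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname, e.g. 'www.example.com' -> 'example.com'.
    Simplification: treats the final label as the whole public suffix; production
    code should consult the Public Suffix List for names such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(host: str, protected: Iterable[str], max_distance: int = 1) -> Optional[str]:
    """Return the protected domain that `host` imitates, or None.

    The genuine domain (and its subdomains) is never flagged; any other host whose
    second-level label is within `max_distance` edits of a protected label is,
    including the same label under a different TLD."""
    protected = [p.lower() for p in protected]
    domain = registrable_domain(host)
    if domain in protected:
        return None
    label = domain.split(".")[0]
    for brand in protected:
        if levenshtein(label, brand.split(".")[0]) <= max_distance:
            return brand
    return None


if __name__ == "__main__":
    # Constructed sample hosts: the second imitates the official site by swapping
    # the 'n' for a 'u', as the article describes; it is not a confirmed indicator.
    brands = ["vancouver2010.com"]
    for h in ["www.vancouver2010.com", "vaucouver2010.com", "olympic.org"]:
        print(f"{h:24} -> {lookalike_of(h, brands)}")
```

Run over the hostnames extracted from shortened links (after expanding them), the function returns the brand being imitated, which is enough to block or alert on the redirect before the fake codec download is reached.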
When users try to download videos from the phony Vancouver Games site, they are prompted to update their Flash multimedia software with a codec; that codec is the malicious payload. The program installs a Windows executable containing a Trojan/Downloader, Zscaler experts said.
Further, the malicious file was detected by only 11 of 41 popular AV engines when tested with the VirusTotal service, the researchers contend.
Much as the Winter Games showcase a vast array of athletic skills, the Olympic video campaign illustrates a gamut of social engineering elements, from its use of the legitimate Twitter and bit.ly URL-shortening services to its accurate site mirroring and timely launch, experts noted.
“Given the popularity of the Winter Olympics, it is not surprising that attackers are taking advantage of the event to spread malware,” said Michael Sutton, vice president of research at Zscaler. “Given the authentic nature of the attack site, lack of anti-virus signatures, use of Twitter to advertise the campaign and timing of the attack, it is reasonable to assume that it will succeed.”
Follow eWeek Security Watch on Twitter at: eWeekSecWatch.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.