Super Bowl Sunday Web Commercials Top Target for Cyber-Criminals

Security researchers are seeing an increase in malicious comments and Websites pretending to have Super Bowl Sunday related content to trick users into clicking on phishing sites or downloading malware.

Cyber-criminals will be disguising malware and phishing scams as Super Bowl commercials and related advertisements to trick unsuspecting viewers, warned security researchers at PC Tools on Feb. 3.

The Super Bowl is never just about football, although there will be plenty, as the Green Bay Packers and Pittsbugh Steelers go head-to-head this Sunday at Cowboys Stadium in Arlington, Texas. It's also about the explosion of commercials, splashy Web campaigns and almost non-stop online chatter about the big game.

Attackers will exploit the interest with "record-breaking numbers of online threats and cyber attacks" designed to steal personal data or download malware, according to Eric Klein, a marketing manager at PC Tools, and Richard Clooke, a program manager at PC Tools.

"The Super Bowl is one of the biggest ad events of the year and advertisers focus on extensive online and social media campaigns," Klein told eWEEK.

The threats weren't new, as attackers have long been using fake ads and hacked video files as part of their repertoire of tricks, but there has been a significant increase in these tactics over the past few days, Klein said. The threats were also employing Super Bowl-specific images and language, he said.

Researchers cited a comScore survey from just before last year's SuperBowl where two-thirds of respondents said they planned to be online reading Super Bowl-related content. The numbers are expected to increase this year and there will be "more aggressive threats, scams and malware activity," according to PC Tools.

Attackers have begun "flooding" the Web with fake advertisements, Klein said. PC Tools researchers have seen an uptick in the number of advertisements for work-from-home scams, free iPad offers and gambling sites, Klein said. There were also a number of ads and fake Websites featuring cheerleaders or other football-related imagery and content to encourage fans to click on links they otherwise wouldn't have, he said. Those links may point to phishing sites that try to get users to enter personal identifying information or to malicious sites with drive-by downloads, he said. The sites may encourage users to download files, which may be scareware such as fake antivirus, Clooke said.

Many users are searching online to see sneak previews of Super Bowl commercials, or watching online campaigns by various advertisers. On legitimate video-sharing sites like YouTube, or even on fan sites, they may encounter follow-up comments promising a full version of the commercial, or other funny and cool things to check out. With the proliferation of URL shorteners, it's hard to tell when a link in the comment is malicious, Klein said. Clicking on the links may take users to a text page that doesn't seem to be relevant, while a malicious script executes in the background, according to Klein.

Attackers are also taking advantage of flash exploits, Clooke said. When users click on links to see a video, they may actually come to a page with a video player. The user may be asked to install a "more recent" version of the software, which is actually malware, he said. They may actually view a hacked Flash file and it may be triggering exploits in the background while running. PC Tools researchers saw a variation where the player crashed while playing the hacked video, and caused the entire computer to stop working.

PC Tools researchers recommended users make sure they already have the most up-to-date version of the Adobe Flash player and other software, as well as making sure their security product is up-to-date before going online.

Spammers and hackers often take advantage of major media events such as the Super Bowl to target users, according to security researchers. For example, the Website of Dolphin Stadium was hacked prior to Super Bowl XLI in 2007. Visitors to the site ended up downloading a host of malware on their computers.