With the opening ceremonies of the 2010 Winter Olympic Games in Vancouver, Canada now completed and the Games officially underway, security firm MessageLabs Intelligence has released information about the astounding number of cyber criminals attempting to spread malware in the name of the much-loved event, some with the intent to launch attacks on unsuspecting web sites.
A division of hosted services provider and general virus experts Symantec, MessageLabs has pinpointed two main methods of attack taking place under the banner of the Olympics: two email messages, one with the subject line “Information and resources to help you travel during the Vancouver 2010 Winter Games. TravelSmart 2010.htm” and another with the subject line “How to make Olympics more interesting?”. Masquerading as information potentially useful to those planning to travel to Vancouver to take in the Games, the first email does contain links to legitimate sites but opens a hidden iframe, allowing it to drop potentially anything onto the victimized machine in order to infect it. The second email contains a presentation file that is advertised as containing information on Vancouver but is instead a malicious file that utilizes an exploit in order to install malware onto the user’s machine.
With the vast amount of web traffic dedicated now to Vancouver and the events being held there, Symantec has issued security advisories urging people to follow safe web practices to help them ensure that they are not victimized by those who would take advantage of the hoopla; some of those tips are as follows:
- When purchasing tickets to Olympic events online, be sure you are purchasing through and from a reputable source such as Vancouver2010.com.
- Don’t fall for promises of exclusive merchandise such as Olympic pins and medallions offered by otherwise shady online sources prompting you for personal details.
- Never divulge personal financial information via email or instant message. No official source of Olympic tickets or merchandise will ever ask for private details to be emailed.
- Be aware also of IM messages from unrecognizable sources and pop-ups on web sites prompting you to click links related to Olympic deals. If the message appears to be from some official sponsor of the Games, take the time to manually type the web address into your browser to be sure you’re visiting the official source.
- As always, keep your antivirus software up-to-date.
Symantec is also urging web hosting providers to be aware of the sites hosted on and emails sent through their servers, calling them a “first line of defense” in the war on cyber-criminals and spam in general.