Thursday, 28 August 2008

Beijing E-Threats Olympics: Gold for Spam

BitDefender report on Olympic spam and malware


BitDefender

Beijing E-Threats Olympics: Gold for Spam

Răzvan Livintz, Communication Specialist

Definitely the most important sporting event of 2008, with more than 10,000 athletes attending 300 events broadcast live around the globe, the Games of the 29th Olympiad held in Beijing also lit the torch of the e-threats’ competition.

Spam Relay Race and Trojan Steeplechase

As security analysts worldwide predicted, the China Olympics gave a fresh start to the spam race. Already a “well-established” presence whenever large-scale events like this occur, Olympics-associated e-mail spam follows the “traditional” pattern, exploiting the recipients’ interest in hot topics or the celebrities of the moment. Whether they focus on US swimmer Michael Phelps’ “gold rush” or Swedish archer Sara Boberg’s nude pictures, the messages rely on a simple template: a line or a paragraph meant to hook the reader, sometimes an additional image to entice even more, and a hyperlink to the “source” or “detailed” story.

“As a rule of thumb, we strongly recommend you not to click any links the Olympics related spam e-mails provide. These hyperlinks usually trigger the download and installation of some other malware that can severely compromise your system integrity. If you want to find out the last minute winners and results from the Olympic Games, you should definitely surf the safe and reliable news agencies’ Web sites or news portals, while completely ignoring e-mail spam and its menaces,” said Vlad Vâlceanu, Head of BitDefender Antispam Research.

The content of this document is confidential and classified as BitDefender's Proprietary Information.

In the following example, the link to the purported “source” of the Swedish athlete’s nude photos does not lead to the Free Celebrity Movie Archive depicted in the arousing flashy banner, but to a compromised Web site that attempts to install a combination of malicious payloads.
First, while preparing the download of an alleged movie, which is in fact the disguised executable file name.avi.exe, Trojan.FakeAlert.AAH sneaks two more files into the system, corrupts the current wallpaper and displays a window that informs the user about a virus detection, as depicted in the image below.

To eliminate the (fake) threats, the user is advised to install the “Best Antivirus for Windows XP or Vista”, as another recent spam campaign suggested. This rogue software claims to scan for and detect malware or other problems on the computer, while in fact it attempts to dupe users into purchasing a program that does not keep the threats away, but opens the door to other malware.

“The rogue this e-mail spam wave introduces via malicious or compromised Web sites has been already used in other previous spamming campaigns, relying on different ‘hooks’, like Angelina Jolie’s nude movies, Barack Obama’s presidential campaign or U.S. troops’ attacks in Iran. The Olympic related spam wave will probably decrease in intensity and cease after the games end, but it is most likely for the Trojan to stay and continue spreading. Ideally, you should install and activate a reliable antimalware, firewall and spam filter solution to keep these e-threats away from your system,” added Vlad Vâlceanu.

Scams and Frauds Pole Vault

The Beijing games will probably remain in e-threat history as one of the most influential events in terms of fraud. Due to its intriguing location, majestic venues, and the magnificent spectacle it promised, the 29th Olympiad was heavily exploited by cybercriminals long before the opening ceremony. IT security specialists and the media warned the public about the imminent dangers of e-scams.
With flight operators having filled their seats to China almost a year ago, Beijing hotels fully booked since January and admission tickets for Olympic events sold out one month ahead of the August opening fireworks, it is no wonder that e-crooks took advantage of sports fans’ keen wish to cheer their favorite athletes.

The two most notorious cases are beijing-tickets2008.com, closed on July 23rd, and BeijingTiketing.com, shut down in early August, after official complaints from the International Olympic Committee and the U.S. Olympic Committee. Taking advantage of Olympic enthusiasts’ unawareness and of their striking resemblance to the official Web site’s name and appearance (http://www.tickets.beijing2008.cn/?lang=en-cn), these two fraud sites probably managed to collect illicit gains of hundreds of thousands of dollars, as well as a huge amount of sensitive data, such as bank account, credit card and passport details from Americans, Australians and New Zealanders.

“Web surfers and buyers should always pay an extreme close attention to Web pages’ details. Although they seem legit at the first look, many phishing and scam Web sites always reveal their lacks and incongruities at a close inspection. Whether we talk about general layout flaws, awkward phrasing, flagrant spelling and/or grammar errors, or abusive and incorrect use of logos and other design or structure elements exposed by the Web page source analysis, there are always details that should give users a clue about the fraud behind. We advise e-buyers to always check the e-commerce Web sites and perform some research before purchasing any goods or services,” said Vlad Vâlceanu, Head of BitDefender Antispam Research.

The fraud victims have already filed complaints, and law firms have joined the lawsuits recently filed by the International Olympic Committee and the U.S. Olympic Committee.
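The resemblance between the two fraud domains and the official ticketing host can be checked mechanically. The following Python sketch is an added example, not part of the BitDefender report: it treats beijing2008.cn as the official registrable domain and uses a small watch list of brand words, both of which are assumptions of this example, and flags hosts that borrow those words without sitting under the official domain.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Taken from the official ticketing URL quoted in the report; treating
# beijing2008.cn as the registrable domain is an assumption of this example.
OFFICIAL_DOMAIN = "beijing2008.cn"
# Assumed watch list: words from the official name that a lookalike borrows.
BRAND_WORDS = ("beijing", "ticket", "2008")


def host_of(url):
    """Return the lower-cased host of a URL or of a bare host name."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_official(host):
    # Compare on a label boundary; a substring test would accept any host
    # that merely contains the official name.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def borrowed_words(host, min_ratio=0.8):
    """Brand words present in the host, exactly or slightly misspelled."""
    found = []
    for word in BRAND_WORDS:
        n = len(word)
        # Slide a window of the word's length over the host and keep the best match.
        windows = [host[i:i + n] for i in range(max(1, len(host) - n + 1))]
        if max(SequenceMatcher(None, word, w).ratio() for w in windows) >= min_ratio:
            found.append(word)
    return found


def classify(url):
    """Return (verdict, borrowed brand words) for a link or host name."""
    host = host_of(url)
    if is_official(host):
        return "official", []
    hits = borrowed_words(host)
    return ("lookalike" if hits else "unrelated"), hits


if __name__ == "__main__":
    # The three names below are the ones given in the report.
    for link in ("http://www.tickets.beijing2008.cn/?lang=en-cn",
                 "beijing-tickets2008.com", "BeijingTiketing.com"):
        print(link, classify(link))
```

The fuzzy window match is what catches the misspelled "Tiketing"; an exact keyword filter would see only "beijing" in that name.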
(For more details and a comprehensive analysis of the scam sites, please see http://www.beijingticketscam.com/).

Insecure Internet Connections Marathon

In early August, international human rights organizations and press freedom groups revealed the consequences of the Grand Beijing Safeguard Sphere, a part of China’s Olympic security program comprising 300,000 CCTV cameras monitoring the apartment complexes, public spaces and transportation network in service for the 500,000 expected foreign visitors. Caught between the aftermath of the recent earthquake, terrorists’ bomb threats and pressure from Olympic officials, China’s Public Security Bureau chose to limit journalists’ Internet access and forced the international hotel chains to install hardware and software that monitors their guests’ Internet use: Web browsing and communication history, queries and searches, as well as keystroke records, as exposed by U.S. Senators Sam Brownback and Jim Bunning in an end-of-July resolution. (For details, see Sen. Brownback’s press release http://brownback.senate.gov/pressapp/record.cfm?id=301572 and U.S. Senate Resolution 633, July 30th, 2008 http://thomas.loc.gov/cgi-bin/query/z?c110:S.RES.633).

“We advised the sports fans attending the Olympics to moderately and carefully employ the Internet and avoid typing sensitive personal information (such as user names and passwords, social security numbers, bank accounts or credit card numbers) from mobile computing devices outside a secured network (like a public Internet Café) or not protected by a reliable security solution,” said Mircea Mitu, Senior Product Manager for Core Technologies.

Post Scriptum: Hacking Hammer Throw

2008’s Beijing E-Threats Olympics would not be complete without the latest “classical” challenge of Web site hacking. The widely acclaimed U.S. swimmer Michael Phelps, winner of 8 gold medals, owner of 7 world records, and the undoubted “star” of the recent e-mail spam waves, has also “gained” the “gold” attention of hackers. A few days before the Olympics closing ceremony, Phelps’ Web site was compromised by an alleged Turkish hacker who altered the index page and posted a link to another Web site displaying a political message. (For the full story, please check: http://www.scmagazineus.com/Olympic-champion-Phelps-website-defaced-in-Turkishhack/article/115773/).

BitDefender® is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe – giving them the peace of mind of knowing that their digital experiences are secure. BitDefender solutions are distributed by a global network of value added distribution and reseller partners in more than 100 countries worldwide. For more details about BitDefender’s security solutions, please check www.bitdefender.com.
