Cybercriminals exploiting Winter Olympics, luger's death

Cybercriminals have been capitalising on the world's interest in the Winter Olympics in Vancouver to spread malware, experts warned.

Attackers have been utilising Twitter and black hat search engine optimisation (SEO) tactics to promote fake Olympics videos that are spreading malware.

Within hours after of last week's death of Georgian luge athlete Nodar Kumaritashvili, searches for "Olympic luge crash video” were poisoned to yield a malicious link near the top of search results, Roger Thompson, chief research officer at anti-virus vendor AVG Technologies, told SCMagazineUS.com. Users who visited the site were told they needed to download a codec to watch the video. The codec was actually malware.

During the middle of last week, cybercrooks began poisoning general Winter Olympics search queries but significantly ramped up their efforts following Kumaritashvili's death, Thompson said.
As of yesterday, the SEO campaign appeared to be winding down, but some search queries related to the Olympics still yield malicious links, Thompson said. Some of the poisoned search queries have included: “Sports Illustrated Olympic preview”, “luger who died video”, “luge accident video”, and “luge tragedy video.”

“These guys organise a campaign and they treat it like a business,” Thompson said.

Cybercriminals also used Twitter over the weekend to lure users to a fake Olympics video that was propagating malware. Within minutes after the opening ceremonies ended, cybercriminals began posting tweets from an account called “gamesvancouver”, said Michael Sutton, vice president of security research at web security vendor Zscaler.

The postings read: “2010 olympics vancouver opening ceremony video”, and included a shortened URL, Sutton said. Users who followed the link were diverted to a site that mimicked the official website for the 2010 Vancouver Olympics. To view the supposed video of the opening ceremonies, users were told to download a codec, which was actually a trojan.

The malicious site was taken down by the end of the weekend, Sutton said.

“It looks like they set it up solely for this attack and ran it for about a 24-hour period,” Sutton said. “This was a very methodical attack, where they were planning to take advantage of the hype around the ceremonies.”

Users should be cautious over the next few weeks of similar cyberthreats exploiting the Winter Games, experts said.

“I think end-user diligence is absolutely critical here,” Sutton said. “All these attacks — they aren't actually taking advantage of a vulnerability — they are social engineering attacks convincing you to download a trojan.”

When looking for news stories about the Olympics, stick with mainstream news sites, Thompson recommended. And as a rule of thumb, don't ever download a codec to watch a video.

“The attackers follow current events pretty closely,” Sutton said. “As soon as a story emerges on the news wire, you can guarantee there will be social engineering attacks taking advantage of it.”

Poisoned search results generally include a jumble of keywords, whereas legitimate search results typically include a full, coherent sentence, Thompson said.

See original article on scmagazineus.com