The start of the Olympics has proved irresistible to cyber criminals, say security firms.
The volume of junk e-mail messages with an Olympic theme spiked prior to the opening ceremony, said Symantec.
The malicious messages try to trick people into visiting fake sites or opening booby-trapped e-mail attachments, say other firms.
Some messages falsely claim users have won an Olympic lottery and encourage them to respond to claim their prize.
Hack attack
"The Beijing Olympics is gearing up to be one of the biggest events of the year and hackers and spammers will see it as a massive opportunity to compromise the unwary," said Con Mallom, a spokesman for Symantec.
Symantec said the messages in the spam it had seen related to the games ran the gamut of modern security threats.
"Members of the public have to remember that they should not open e-mails or click on links from unknown sources, no matter how many gold medals they are offering," said Mr Mallom.
Rik Ferguson of Trend Micro said the games could inspire attacks on sites related to the games in a bid to compromise them. The hijacked sites would then be used to attack visitors keen to catch up with the sporting event.
"We are fully anticipating malicious social engineering techniques to exploit people’s interest in this event, luring unsuspecting users into clicking on compromised websites and into handing over sensitive personal information," he said.
Security firm Marshal said many of the malicious and junk messages emerging from the Rustock botnet were about the games.
A botnet is made up of a collection of home computers that have been hijacked by a gang of hi-tech criminals who then put it to a variety of ends. Some gangs simply vacuum up the personal data they find on compromised machines, others use the botnets to pump out spam or to attack other sites.
Phil Hay, lead threat analyst for Marshal, said e-mails sent out via Rustock to catch people out were getting more sophisticated. The latest batch appear to be about headline stories on CNN and many concern the Olympics.
Those clicking on the headlines get taken to a fake CNN video report and are asked to install a codec to watch the film. Those installing the codec become part of the Rustock botnet.
"As time has gone on, the criminals behind Rustock have adjusted the appearance and sophistication of their messages to become more convincing at fooling recipients into infecting themselves," said Mr Hay.
Security company MessageLabs said it was not just members of the public that were at risk. The company said it had seen a campaign that used e-mails crafted to look like they had been written by the International Olympic Committee.
The messages have been sent to those who are part of national sporting organisations or help train athletes.
Travelling with the fake messages is a booby-trapped Adobe PDF that, if installed, steals data from a compromised PC.
The vast majority of the computer security threats taking advantage of the Olympics are aimed at users of Windows PCs.
Carole Thierault, senior security consultant at Sophos, said to stay safe people should keep their anti-virus software up to date, use a firewall and install updates to Windows as they become available.
"Of course hackers will do their best to capitalise on this event," said Ms Thierault. "The most effective way to avoid the pitfalls is to make your device an unattractive target."
Source: BBC