rediff.com

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  

Rediff News  All News 
Rediff.com  » Business » Beware of 'FIFA mails'; cybercriminals at play

Beware of 'FIFA mails'; cybercriminals at play

June 15, 2010 09:30 IST

Even if you're an ardent soccer fan and see phrases like 'FIFA 2010', '2010 FIFA', 'Football World Cup' or 'FIFA World Cup' in your e-mails, you have to think twice before opening such mails. At least for another month, till July 11, when the football World Cup comes to an end.

The reason is simple. There are millions of football fans in the country - 1.95 million viewers across six metros watched matches on the first day alone, according to aMap. Spam is bound to increase proportionately. Globally, spam based on the FIFA 2010 World Cup has surged by almost 27 per cent according to Symantec, an internet security company.

Cybercriminals thrive on sporting events (and natural disasters) by sending e-mails that include offer for fake tickets, attached malware in videos containing "FIFA highlights" and fake FIFA merchandise offers. The 419-styled scam messages (similar to the lottery-style scams which send unsolicited e-mails asking for help and used for phishing bank account numbers) are cases in point.

This time around, though, cybercriminals are using smarter ways to avoid detection. For instance, search engine manipulation is being used to lure users into searching for video clips and news towards scareware.

WatchGuard security analysts see an explosive growth of online threats, including spam, spear phishing (where attacks are directly targeted to small populations with socially-engineered messages to entice victims to open an executable or click to a site that harbours malware), PDF attacks, SEO (search engine optimisation) poisoning (that allows malicious websites to be highly ranked in search strings relating to the World Cup. As poisoned websites, they pack a malware punch) and malware through social networks.

The Websense Security Labs ThreatSeeker Network, too, "has detected a new wave of interesting malicious e-mails". It has seen over 80,000 e-mail messages in this new campaign, which uses a hypertext mark-up language attachment with an embedded JavaScript. Upon execution, this script leads to a malicious website. Websense is protecting its customers "with our real-time analytics in our ACE engine".

This is not all. It was relatively uncommon to see targeted attacks using excel documents, noted Dan Bleaken, malware data analyst, Symantec Hosted Services, in his post. "Normally, we see PDF or Word documents or straight exe files. For the targeted attacks intercepted since the start of April, the attached file types - .pdf 41%, .exe 18%, .doc 14%, .xls 7%, .scr 4%, and .ppt 1% - - have been used," he said. It's also relatively uncommon to see malicious documents contained in a zip archive.

Upon opening the excel file, Excel opens, quickly closes and reopens, displaying the World Cup spreadsheet with all the current groups, the teams playing in them and when they are playing, allowing the owner to add in the results as the World Cup happens. "In this time, a file (temp.temp), an executable, is dropped in c:\documents & settings\\Local Settings\ ." When the executable runs, it makes an initial connection to a well-known search engine. After that it made connections to an IP address in Indonesia, noted Bleaken.

"This is a 'backdoor' or a method of bypassing normal authentication, which constantly connects to the hacker's machine to tell it that a computer is accessible," cautioned Dan. From this point on, the hacker has access to the victim's computer.

This enables the attacker to stealthily access data on the victim's PC, and/or access other systems on that network. In this scenario, the 'server' (infected machine) attempts to contact the 'client' (attacker).

Jan Valcke, president and COO of Vasco Data Security, said: "Cybercriminals are always looking for opportunities. During the Word Cup, most of the e-betting sites are using vulnerable static passwords. We advocate the use of one-time-passwords to help protect people against cybercriminals, not just during the World Cup, but all through the year."

"The increasing threat to Indians on cyber space is further exacerbated by the fact that 33 per cent of Indian adults do not have security measures in place, according to the Norton Online Living Report 2009," pointed out Shantanu Ghosh, vice-president (India Product Operations), Symantec.

McAfee researchers, too, have noted a significant number of 2010 FIFA World Cup-themed phishing scams. Cybercriminals have started distributing World Cup - themed phishing scams to trick fans out of their sensitive information.

Indeed, growing internet infrastructure, burgeoning broadband population and rampant software piracy have made India a growing target for cyber criminals. India moved up in malicious activity to fifth position from 11th position in 2008, according to Symantec's latest Internet Security Threat Report XV. The number is only set to increase.

Leslie D Monte and Priyanka Joshi in Mumbai
Source: