Beijing E-Threats Olympics: Gold for Spam, Silver for Scams and Bronze for Insecure Internet Connections

22 August 2008
Definitely the most important sporting event of the year 2008, with more than 10,000 athletes attending 300 events broadcast live around the globe, the Games of the 29th Olympiad held in Beijing also lit up the torch of the e-threats’ competition.

Spam Relay Race and Trojan Steeplechase

As predicted by security analysts worldwide, the China Olympics gave a fresh start to the spam race. Already a “well-established” presence whenever large-scale events like this occur, the Olympics-associated e-mail spam follows the “traditional” pattern, exploiting the recipients’ interest in hot topics or the celebrities of the moment. Whether they focus on US swimmer Michael Phelps’ “gold rush” or Swedish archer Sara Boberg’s nude pictures, the messages rely on a simple template: a line or a paragraph that should hook the reader, sometimes an additional image to entice even more, and a hyperlink to the “source” or “detailed” story.
 
“As a rule of thumb, we strongly recommend you not to click any links the Olympics-related spam e-mails provide. These hyperlinks usually trigger the download and installation of some other malware that can severely compromise your system integrity. If you want to find out the last minute winners and results from the Olympic Games, you should definitely surf the safe and reliable news agencies’ Web sites or news portals, while completely ignoring e-mail spam and its menaces,” said Vlad Valceanu, Head of BitDefender Antispam Research.

In the following example, the link to the purported “source” of the Swedish athlete’s nude photos does not lead to the Free Celebrity Movie Archive depicted in the arousing flashy banner, but to a compromised Web site that attempts to install a combination of malicious payloads.
 
[Image: Olympics-E-Threats]

First, while preparing the download of an alleged movie – which is, in effect, the disguised executable file name.avi.exe – the Trojan.FakeAlert.AAH sneaks two more files into the system, corrupting the current wallpaper and displaying a window that informs the user about a viral detection, as depicted in the image below:
 
[Image: E-Threats]

To eliminate the (fake) threats, the user is advised to install the “Best Antivirus for Windows XP or Vista”, as another recent spam campaign suggested. This rogue software claims to scan and detect malware or other problems on the computer, while in effect it attempts to dupe users into purchasing a program that does not keep the threats away, but opens the door for other malware.
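The disguise described above (a movie name that really ends in .exe) can be caught by a simple file-name check on a mail gateway or download folder. The following is an added example, not part of the original article; the extension lists, function names and sample names are assumptions constructed for the illustration.

```python
import re

# Assumed, non-exhaustive extension sets; tune them for your environment.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY = {"avi", "mpg", "mpeg", "wmv", "mp3", "jpg", "jpeg", "gif", "png",
         "pdf", "doc", "txt", "zip"}


def disguised_executable(filename):
    """Return (decoy_ext, real_ext) if the name hides an executable
    behind a harmless-looking extension, otherwise None."""
    # Keep only the last path component, whatever the separator.
    base = re.split(r"[\\/]", filename)[-1]
    # Windows ignores trailing dots and spaces when it opens a file.
    base = base.rstrip(". ")
    # Padding spaces are sometimes used to push the real extension
    # out of view, so strip them from every part.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 3:
        return None  # need name + decoy extension + real extension
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE and decoy in DECOY:
        return decoy, real
    return None


def flagged(names):
    """Names from an attachment or download listing that look disguised."""
    return [n for n in names if disguised_executable(n)]


# Constructed sample listing; only the first name comes from the article.
SAMPLE_NAMES = [
    "name.avi.exe",
    "Phelps.JPG      .SCR ",
    r"C:\Users\a\Downloads\movie.avi.exe.",
    "setup.exe",
    "results.2008.pdf",
]

if __name__ == "__main__":
    for name in flagged(SAMPLE_NAMES):
        print("disguised executable:", repr(name))
```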

“The rogue this e-mail spam wave introduces via malicious or compromised Web sites has been already used in other previous spamming campaigns, relying on different ‘hooks’, like Angelina Jolie’s nude movies, Barack Obama’s presidential campaign or U.S. troops’ attacks in Iran. The Olympic-related spam wave will probably decrease in intensity and cease after the games end, but it is most likely for the Trojan to stay and continue spreading. Ideally, you should install and activate a reliable antimalware, firewall and spam filter solution to keep these e-threats away from your system,” added Vlad Valceanu.

Scams and Frauds Pole Vault

The Beijing Games will probably remain in the E-Threats History as one of the most influential events in terms of frauds. Due to its intriguing location, majestic venues, and the magnificent spectacle it promised, the 29th Olympiad was heavily exploited by cybercriminals long before the opening ceremony.

IT Security Specialists and media warned the public about the imminent dangers of e-scams. With the flight operators filling their seats to China almost a year ago, Beijing hotels fully booked since January and Olympic events’ admission tickets sold out one month ahead of the August opening fireworks, it is no wonder that e-crooks took advantage of the sport fans’ keen wish to cheer their favorite athletes.

The two most notorious cases are beijing-tickets2008.com, closed on July 23rd, and BeijingTiketing.com, shut down in early August after official complaints from the International Olympic Committee and the U.S. Olympic Committee. Taking advantage of Olympic enthusiasts’ unawareness and of a striking resemblance to the official Web site’s name and appearance (http://www.tickets.beijing2008.cn/?lang=en-cn), these two fraud sites probably managed to purloin hundreds of thousands of dollars in illicit gains, as well as a huge amount of sensitive data, such as bank account, credit card and passport details, from Americans, Australians and New Zealanders.
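A defender-side check for the kind of name resemblance described above, as an added example that is not part of the original article: it separates hosts under the official domain from hosts that merely contain, or misspell, its keywords. The keyword list, similarity threshold and function names are assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "beijing2008.cn"     # from the official URL quoted in the article
BRAND_WORDS = ("beijing", "ticket")    # assumed watch-list for this event


def host_of(url_or_host):
    """Lower-case host name without scheme, credentials, port or path."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text             # lets urlsplit treat it as a host
    return urlsplit(text).hostname or ""


def fuzzy_contains(text, word, threshold=0.8):
    """True if `word`, or a close misspelling of similar length, is in `text`."""
    if word in text:
        return True
    for size in (len(word) - 1, len(word) + 1):
        for i in range(max(0, len(text) - size + 1)):
            window = text[i:i + size]
            if SequenceMatcher(None, word, window).ratio() >= threshold:
                return True
    return False


def classify(url_or_host):
    """Return ('official' | 'lookalike' | 'unrelated', matched brand words)."""
    host = host_of(url_or_host)
    # Only the exact domain or a true subdomain of it counts as official.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official", []
    # Compare letters only, so hyphens and digits cannot split a brand word.
    letters = re.sub(r"[^a-z]", "", host.rsplit(".", 1)[0])
    hits = [w for w in BRAND_WORDS if fuzzy_contains(letters, w)]
    return ("lookalike" if hits else "unrelated"), hits


if __name__ == "__main__":
    for site in ("http://www.tickets.beijing2008.cn/?lang=en-cn",
                 "beijing-tickets2008.com", "BeijingTiketing.com"):
        print(site, "->", classify(site))
```

A "lookalike" verdict only means the name deserves the closer inspection the article recommends; it is not proof of fraud.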

“Web surfers and buyers should always pay extremely close attention to Web pages’ details. Although they seem legit at first look, many phishing and scam Web sites always reveal their lacks and incongruities at a close inspection. Whether we talk about general layout flaws, awkward phrasing, flagrant spelling and/or grammar errors, or abusive and incorrect use of logos and other design or structure elements exposed by the Web page source analysis, there are always details that should give users a clue about the fraud behind. We advise e-buyers to always check the e-commerce Web sites and perform some research before purchasing any goods or services,” said Vlad Vâlceanu, Head of BitDefender Antispam Research.

The fraud victims have already filed complaints, and law firms have joined the lawsuits recently filed by the International Olympic Committee and the U.S. Olympic Committee. (For more details and a comprehensive analysis of the scam sites, please see beijingticketscam.com.)

Insecure Internet Connections Marathon

International Human Rights Organizations and Press Freedom Groups revealed in early August the consequences of the Grand Beijing Safeguard Sphere, a part of China’s Olympic security program comprising 300,000 CCTV cameras monitoring the apartment complexes, public spaces and transportation network in service for the 500,000 expected foreign visitors.

Caught between the recent earthquake aftermath, terrorists’ bomb threats and Olympic officials’ pressure, China’s Public Security Bureau chose to limit the journalists’ Internet access and forced the international hotel chains to install hardware and software that monitors their guests’ Internet use: Web browsing and communication history, queries and searches, as well as keystroke records, as exposed by the U.S. Senators Sam Brownback and Jim Bunning in an end of July resolution. (For details, see Sen. Brownback’s press release and U.S. Senate Resolution 633, July 30th, 2008).

“We advised the sports fans attending the Olympics to moderately and carefully employ the Internet and avoid typing sensitive personal information (such as user names and passwords, social security numbers, bank accounts or credit card numbers) from mobile computing devices outside a secured network (like a public Internet Café) or not protected by a reliable security solution,” said Mircea Mitu, Senior Product Manager for Core Technologies.
 
Post Scriptum: Hacking Hammer Throw
 
2008’s Beijing E-Threats Olympics would not be complete without the latest “classical” challenge of Web site hacking. The widely acclaimed U.S. swimmer Michael Phelps, winner of 8 gold medals, owner of 7 world records, and the undoubted “star” of the recent e-mail spam waves, has also “gained” the “gold” attention of hackers. A few days before the Olympics closing ceremony, Phelps’ Web site was compromised by an alleged Turkish hacker who altered the index page and posted a link towards another Web site displaying a political message. (For the full story, please check: scmagazineus.com).


