Cybercriminals exploiting luger's death, Winter Olympics

Cybercriminals have been capitalizing on the world's interest in the Winter Olympics in Vancouver to spread malware, experts warned.

Attackers have been using Twitter and black hat search engine optimization (SEO) tactics to promote fake Olympics videos that are spreading malware.

Within hours after Friday's death of Georgian luge athlete Nodar Kumaritashvili, searches for “Olympic luge crash video” were poisoned to yield a malicious link near the top of search results, Roger Thompson, chief research officer at anti-virus vendor AVG Technologies, told SCMagazineUS.com on Tuesday. Users who visited the site were told they needed to download a codec to watch the video. The codec was actually malware.

During the middle of last week, cybercrooks began poisoning general Winter Olympics search queries, but significantly ramped up their efforts following Kumaritashvili's death, Thompson said.

By Tuesday, the SEO campaign appeared to be winding down, but some search queries related to the Olympics still yield malicious links, Thompson said. Some of the poisoned search queries have included: “Sports Illustrated Olympic preview,” “luger who died video,” “luge accident video” and “luge tragedy video.”

“These guys organize a campaign and they treat it like a business,” Thompson said.

Cybercriminals also used Twitter over the weekend to lure users to a fake Olympics video that was propagating malware. Within minutes after the opening ceremonies ended Friday evening, cybercriminals began posting tweets from an account called “gamesvancouver,” Michael Sutton, vice president of security research at web security vendor Zscaler, told SCMagazineUS.com on Tuesday.

The postings read: “2010 olympics vancouver opening ceremony video,” and included a shortened URL, Sutton said. Users who followed the link were diverted to a site that mimicked the official website for the 2010 Vancouver Olympics. To view the supposed video of the opening ceremonies, users were told to download a codec, which was actually a trojan.

The malicious site was taken down by Sunday evening, Sutton said.

“It looks like they set it up solely for this attack and ran it for about a 24-hour period,” Sutton said. “This was a very methodical attack, where they were planning to take advantage of the hype around the ceremonies.”

Users should be cautious over the next few weeks of similar cyberthreats exploiting the Winter Games, experts said.

“I think end-user diligence is absolutely critical here,” Sutton said. “All these attacks — they aren't actually taking advantage of a vulnerability — they are social engineering attacks convincing you to download a trojan.”

When looking for news stories about the Olympics, stick with mainstream news sites, Thompson recommended. And as a rule of thumb, don't ever download a codec to watch a video.

“The attackers follow current events pretty closely,” Sutton said. “As soon as a story emerges on the news wire, you can guarantee there will be social engineering attacks taking advantage of it.”

Poisoned search results generally include a jumble of keywords, whereas legitimate search results typically include a full, coherent sentence, Thompson said.