Olympic spam carries malicious code: MessageLabs

Share this article:
A legitimate attachment containing information about security for the upcoming Beijing Summer Games is also masking a trojan, researchers at MessageLabs said.

The documents, which appear to come from Olympic mail servers, but include embedded malware, are so relevant to the recipient that researchers have noticed many victims are forwarding the malicious messages on to other Olympic committee members.

“These are otherwise perfectly valid documents,” Maksym Shipka, senior architect at MessageLabs, told SCMagazineUS.com today. “It's real information. It's a continuation of actual email conversations. Yet the document is bad.”

Opening the attachment activates a difficult-to-detect exploit in Microsoft Word, according to MessageLabs. The document silently extracts and runs the malicious code on the end-user's computer.

Social engineering is one of the most dangerous trends in spam. Messages are tailored to behavioral patterns of the users. Because the attachment is an actual, known document from a trusted sender, the user is tricked into thinking it is safe.

Shipka said the social engineering of this attack has been so precise, the target was compelled to not only open the attachments, but also to pass it on to other Olympic committee members. This marks the first time that such an outcome was intended by the attackers, he said.

Socially engineered attacks make it  difficult to tell the difference between what is safe and what is dangerous, meaning that users must now be more vigilant before opening or forwarding any email attachment, Shipka said.
Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.