Attackers have been using Twitter and black hat search engine optimization (SEO) tactics to promote fake Olympics videos that are spreading malware.
Within hours after Friday's death of Georgian luge athlete Nodar Kumaritashvili, searches for “Olympic luge crash video” were poisoned to yield a malicious link near the top of search results, Roger Thompson, chief research officer at anti-virus vendor AVG Technologies, told SCMagazineUS.com on Tuesday. Users who visited the site were told they needed to download a codec to watch the video. The codec was actually malware.
During the middle of last week, cybercrooks began poisoning general Winter Olympics search queries, but significantly ramped up their efforts following Kumaritashvili's death, Thompson said. By Tuesday, the SEO campaign appeared to be winding down, but some search queries related to the Olympics still yield malicious links, Thompson said. Some of the poisoned search queries have included: “Sports Illustrated Olympic preview,” “luger who died video,” “luge accident video” and “luge tragedy video.”
“These guys organize a campaign and they treat it like a business,” Thompson said.
Cybercriminals also used Twitter over the weekend to lure users to a fake Olympics video that was propagating malware. Within minutes after the opening ceremonies ended Friday evening, cybercriminals began posting tweets from an account called “gamesvancouver,” Michael Sutton, vice president of security research at web security vendor Zscaler, told SCMagazineUS.com on Tuesday.
The postings read: “2010 olympics vancouver opening ceremony video,” and included a shortened URL, Sutton said. Users who followed the link were diverted to a site that mimicked the official website for the 2010 Vancouver Olympics. To view the supposed video of the opening ceremonies, users were told to download a codec, which was actually a trojan.
The malicious site was taken down by Sunday evening, Sutton said.
“It looks like they set it up solely for this attack and ran it for about a 24-hour period,” Sutton said. “This was a very methodical attack, where they were planning to take advantage of the hype around the ceremonies.”
Users should be cautious over the next few weeks of similar cyberthreats exploiting the Winter Games, experts said.
“I think end-user diligence is absolutely critical here,” Sutton said. “All these attacks — they aren't actually taking advantage of a vulnerability — they are social engineering attacks convincing you to download a trojan.”
When looking for news stories about the Olympics, stick with mainstream news sites, Thompson recommended. And as a rule of thumb, don't ever download a codec to watch a video.
“The attackers follow current events pretty closely,” Sutton said. “As soon as a story emerges on the news wire, you can guarantee there will be social engineering attacks taking advantage of it.”
Poisoned search results generally include a jumble of keywords, whereas legitimate search results typically include a full, coherent sentence, Thompson said.