With the World Cup winding up this weekend, malicious actors are hustling out the last of their World Cup-based attacks in an attempt to obtain a few more victims.
The latest action centers on comment spam posted mainly to WordPress sites. The comments contained a simple, generic message that had nothing to do with the World Cup, but they included links to sites where one could bet on World Cup games, Imperva reported. The spam was pushed by a spambot made up of more than 1,200 unique IPs that simply sent out emails using a “spray and pray” tactic, sending out thousands of comments in the hope of striking gold.
“Our analysis found that the top 10 links advertised by the botnet lead to World Cup betting sites. Interestingly, eight of the top advertised sites contained links to the same betting site, hinting that they might be connected in a way,” Imperva said.
The actors behind the spambot only recently began using the World Cup as part of their scheme. Before the tournament started, the bots were attempting to infect victims through remote code execution via PHP and to abuse Unrestricted File Upload on WordPress sites.
However, once the games began, the switchover to spam took place, with the World Cup hook added around the quarter-final and semi-final matches.
“A possible explanation is that the botnet is for hire. The malicious activity we’ve seen at first was either paid for or simply the botnet’s attempt to grow itself. Then, it was hired by these betting sites to advertise them and increase their SEO,” Imperva said.