Symantec Intelligence Report: July 2012 cautions that Olympic-related hash tags on Twitter are being utilized by attackers to spread malware.
Highlights of the report:
·Spam – 67.6 percent (an increase of 0.8 percentage points since June 2012)
·Phishing – One in 475.3 emails identified as phishing (a decrease of 0.003 percentage points since June 2012)
·Malware – One in 340.9 emails contained malware (a decrease of 0.023 percentage points since June 2012)
·Malicious Web sites – 2,189 Web sites blocked per day (an increase of 4.0 percent since June 2012)
·The number of spam and phishing scams discovered per day has doubled since May.
·Attackers are taking Olympic mobile apps and rebundling them with threats.
·Olympic-related hash tags on Twitter are being utilized by attackers to spread malware.
·Scammers are creating Olympic-themed spam and phishing schemes, seemingly sponsored by credit card companies.
Attackers have been actively using Olympic-related trending topics on Twitter recently in order to entice people to click on malicious links. The Tweets appear to be generated by bots, with poorly constructed, ambiguous sentences.
The shortened URLs lead to fake pages that appear to cover a variety of topics, including business strategy tips and health-related themes. However, the real purpose of these sites is to spread malware. An attack toolkit is set up on the back end of the pages and will attempt to install trojan back doors or fake security software on vulnerable computers that visit these Web sites.
The accounts themselves are generally created the day the Tweets are sent, rarely have any followers, and rapidly post a few Tweets each minute using a wide variety of hash tags linked to trending topics. Twitter has been quick to identify these accounts and suspend them, generally within a few hours of their creation.
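The account traits described above (created the same day, few followers, several Tweets per minute, many trending hash tags, shortened links) can be combined into a simple triage heuristic. The following is an added example, not Symantec's or Twitter's detection logic; the thresholds, the tuple layout, the shortener list and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds and shortener list are assumptions; short.example is a placeholder.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "short.example"}
MAX_AGE = timedelta(days=1)  # account created the day the Tweets are sent
MAX_FOLLOWERS = 5            # rarely have any followers
MIN_BURST = 3                # a few Tweets each minute
MIN_TAGS = 3                 # wide variety of trending hash tags
MIN_TRAITS = 4               # traits needed before an account is flagged

def max_per_minute(times):
    """Largest number of posts in any 60-second window starting at a post."""
    window = timedelta(seconds=60)
    return max(sum(timedelta(0) <= u - t < window for u in times) for t in times)

def flag_accounts(tweets, trending):
    """tweets: (account, created_at, followers, posted_at, text) tuples."""
    trending = {t.lower() for t in trending}
    by_account = defaultdict(list)
    for tweet in tweets:
        by_account[tweet[0]].append(tweet)
    flagged = {}
    for account, posts in by_account.items():
        times = [p[3] for p in posts]
        text = " ".join(p[4] for p in posts).lower()
        tags = set(re.findall(r"#(\w+)", text))
        hosts = set(re.findall(r"https?://([^/\s]+)", text))
        traits = {
            "new_account": min(times) - posts[0][1] <= MAX_AGE,  # created_at
            "few_followers": posts[0][2] <= MAX_FOLLOWERS,       # followers
            "burst_posting": max_per_minute(times) >= MIN_BURST,
            "trending_tags": len(tags & trending) >= MIN_TAGS,
            "short_link": bool(hosts & SHORTENERS),
        }
        matched = sorted(name for name, hit in traits.items() if hit)
        if len(matched) >= MIN_TRAITS:
            flagged[account] = matched
    return flagged

# Constructed sample data: not real accounts, Tweets or links.
T0, NEW, OLD = datetime(2012, 7, 27, 20), datetime(2012, 7, 27, 18), datetime(2010, 1, 5)
SAMPLE = [
    ("bot_a", NEW, 0, T0, "tips http://short.example/a #London2012 #Olympics"),
    ("bot_a", NEW, 0, T0 + timedelta(seconds=15), "health http://short.example/b #TeamGB"),
    ("bot_a", NEW, 0, T0 + timedelta(seconds=40), "strategy http://short.example/c #Phelps"),
    ("fan_b", OLD, 240, T0, "What a ceremony! http://short.example/d #London2012"),
]
TRENDING = {"London2012", "Olympics", "TeamGB", "Phelps"}
```

Requiring four of the five traits rather than any single one keeps an established account that merely shares a shortened link under a trending hash tag from being flagged.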
Fake Olympic scandals
There also have been a few instances of spammers attempting to trick users into downloading malware. For example, one spam email we’ve recently encountered hints at a doping scandal, and includes a link to a website that mimics YouTube. The video in question purports to be about the supposed scandal, but instead of playing the video, it tells the user to install a new version of Flash Player.
If the user clicks OK and runs the executable, they will infect the computer with a trojan. This threat contacts a large list of malicious domains, attempting to download further malware, thus opening the computer to a variety of threats.
The attackers behind Android.Opfake, which we discussed back in the May report, are not ones to let an opportunity such as the Olympics go by without trying to use the topic to spread their malware. Irfan Asrar, a Security Response Manager focused on mobile threats, has been keeping a close eye on this threat. “The authors behind Android.Opfake are now going after apps related to the London 2012 Olympics,” says Asrar. He recently noticed the attackers bundling their threat with a copy of a legitimate Olympics application. The legitimate app, a game promoting some of the more popular Olympic sports, was copied and repackaged with the trojan and then distributed on a Russian Android app marketplace.
If installed, the trojan will send premium-rate SMS messages from the compromised device, leading to profits for the attackers and an increased mobile phone bill for the user. Fortunately, Symantec customers are covered. “Users of Norton Mobile Security will be warned upon visiting the site distributing the malware,” says Asrar.
Olympic-themed spam and scams
We discussed Olympic spam scams back in May, highlighting a lottery-style scam in the report. The spammers have continued sending out a wide variety of spam since then. We took a look at an assortment of Olympic-related subject lines that have been in use since May, and the frequency with which they appeared each day. While there was an especially busy period for a week in mid-June, the spam rate has increased steadily for the most part, effectively doubling from late May to late July, when the Games began.