2010 Net Threat

With the 2010 World Cup only a little under three months away, football fans will be starting to wet their lips with excitement and wishing their teams and favourite players well.
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld are certain to be gathering their cohorts to spam and scam the unwary out of their hard-earned cash. This is not anything new of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing – money!
Symantec recently launched a new website – www.2010netthreat.com – which will host up-to-date data and information specific to security threats and scams around the World Cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats, which seeks to educate users about the potential scams and threats cybercriminals use to hide behind major sporting events like the World Cup. Please take a look and tell us what you think.
http://www.youtube.com/watch?v=9TwEo2-APlA
Dominic Cook
BBC reveals another Haiti scam

It is certainly powerful stuff to see on national TV the perpetrator of a diabolical scam running in terror when confronted by a BBC camera crew after they traced him to Spain – http://news.bbc.co.uk/1/hi/uk/8517243.stm
Allegedly, according to the BBC, this ‘gentleman’ was involved in yet another of the numerous scams and hoaxes trying to get well-intentioned people to give their hard-earned money to what they think is a worthy charity – in this case to support the needy in Haiti following the disastrous earthquake last month – but actually it is going to criminals.
But as we have warned repeatedly, this sort of scam is all too common. Whether it be the death of a well-known celebrity, like Michael Jackson last year; or rumours of the death or injury of a star like Johnny Depp earlier this year; or indeed the outpouring of support when the poorest in the world suffer disasters like in Haiti; criminals are all too quick to capitalise and scam or con the unwary.
Indeed just this week, in the latest Symantec Spam and Phishing Report, we highlighted that spammers were using the Haiti disaster to scam people within 24 hours of the news breaking. They started with ‘419 type spam’, asking users to donate money to a charity. When users send their donation, the money disappears into an offshore bank account.
Then we saw spammers taking advantage of this tragedy to deliver malware. They sent out links to apparent video footage regarding the tragedy to lure people in, but when the user clicks on the link to view the video, a Trojan is downloaded instead.
So remember, when a major news story breaks, be aware that spammers and cybercriminals are also watching and looking to exploit the crisis to their own ends. And remember:
- Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed, or fake, Web sites.
- Never fill out forms in messages that ask for personal or financial information or passwords. A reputable charitable organization is unlikely to ask for your personal details via email. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Dominic Cook
Vancouver Winter Olympic Games get underway

Cybercriminals can’t wait for the 2010 Vancouver Winter Olympic Games to get underway tonight. No, spamming, hacking and creating botnets haven’t become an Olympic sport, but these malicious attackers are greatly anticipating the millions of followers who will be going online to watch events, read news and obtain updates on the Games.
Key sporting events such as the Vancouver Olympics and the 2010 Football World Cup provide the perfect scenario to dupe victims around the world with Olympics-related spam emails, phishing attacks and other nasty Web tricks – with the sole purpose being to steal personal information and identities. Symantec anticipates seeing a rise in cybercrime activity during the 2010 Winter Games, as is common surrounding high-profile events.
During the 2008 Beijing Olympic Games, spammers enticed users with newsworthy subject lines to open email messages prompting them to click on links hosting malware.
A few of those subject lines included:
• Are Chinese gymnasts too young for Olympics?
• Beijing Olympics cancelled
• Beijing postpones Olympics due to McCain-Dalai Lama meeting
To avoid being a victim during the 2010 Games, Symantec urges you to follow these best practices:
• Purchasing Official Olympic Tickets – When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first-come, first-served basis.
• If it sounds too good to be true, it probably is – Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
• Use caution when clicking links from within emails or IM messages – Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full website URL, such as www.YouTube.com, into your Web browser.
• Never fill out forms in messages – Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
• Update your computer – Have a hacker-free Olympic experience by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
Dominic Cook
New website details Internet crime targeting World Cup fans

Events of global significance, be they natural disasters, the death of a celebrity or sporting occasions, are guaranteed to bring scammers and other cybercriminals out of the woodwork. Indeed, phishing attacks alone increased by 66 per cent during the Beijing Olympics in 2008.
This year’s World Cup in South Africa is likely to be no different. That’s why Symantec has today launched its own dedicated website, www.2010netthreat.com, to provide data, commentary, safety tips and useful links for football fans surfing the Internet for news, tickets and information on the tournament.
Symantec has already installed additional network sensors in South Africa and southern Africa to monitor traffic and so far we’ve detected 27 unique files that have not hitherto appeared outside the region. We’ll keep you regularly updated with the latest information regarding World Cup related Internet security threats.
Dominic Cook
Emergency IE Patch today

Microsoft has announced that today (Thursday 21st January) at approximately 6pm UK time, it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.
The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.
Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far; however, they appear to be very high-profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails, sent to high-level employees, containing legitimate-looking attachments or links to Web sites. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected.
Despite the fact that we’ve seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won’t see more attack attempts. And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.
This security hole is so dangerous because it allows for remote exploitation. This means attackers can run any malicious code of their liking on a victim’s machine by taking advantage of the vulnerability.
We strongly encourage users to patch their systems against this vulnerability. In addition, businesses are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Dominic Cook
Watch your laptops and smartphones in Christmas party season

As we head into Christmas party season we can expect that alcohol-fuelled “forgetfulness” will see many work laptops and smartphones left in bars and varying forms of public transport as people raise a glass to celebrate the festive season as well as having survived an incredibly difficult year.
In an increasingly mobile workforce the number of corporate devices with sensitive data on them, such as laptops and smartphones, is growing. In fact, ABI Research recently stated that the number of smartphones shipped this year was 178.3 million.
With that in mind, please be careful that you store your laptops and phones in a safe place before ordering your first tipple.
Of course Christmas parties are a time to let your hair down and have fun. However, losing a work laptop or smartphone could leave you with more than just a hangover. If your business doesn’t operate daily back-ups then it may not be able to recover your precious corporate information. The worst case scenario will be if the device has fallen into the wrong hands, as it poses an incredible security risk. A criminal will be able to use the unprotected laptop or smartphone to access very sensitive corporate information – which they could then sell for considerable profit in the black market.
Listed below are 10 of the most common documents a cybercriminal will try to access should your device inadvertently fall into the wrong hands:
1. Your credit card information e.g. credit card number, magnetic stripe information, transaction data
2. Your employee information e.g. employee ID, salary and benefit information, personal health information
3. Sensitive customer data e.g. name, date of birth, national ID number
4. Price lists
5. Design documents
6. Source code
7. M&A contracts
8. High net worth client lists
9. Marketing plans
10. Financial earnings reports (during quiet period)
With this abundance of precious information available on corporate laptops and devices, make sure you take necessary precautions to minimise risk, should they fall into the wrong hands. Firstly, both laptops and smartphones should be locked with strong passwords. Also, you shouldn’t forget about physical security – laptops can be locked down with cables and Kensington locks and PDAs can be protected in locked cases.
However, should you fall victim, follow this guide and also inform your IT manager immediately, so that the device can be remotely disabled.
Chi-Chi Liang
One Percent Of US PC’s A New Bot?

There is a new piece of malware doing the rounds, a Trojan called Zeus or ZBot (and according to one source it has infected 1% of PCs in the US and is now the source of the largest bot network in the world). Most of the larger anti-virus / anti-malware applications, including Symantec & Norton, detect Zeus and its variants – but you do need to keep up to date with the signature files (and therefore your subscription!)
These days, updates happen automatically – as long as you haven’t switched them off. Unfortunately people do switch off the automatic update feature – usually because they want to download something else or watch TV on the PC and they believe that the downloads will affect the speed / picture quality. Well, if you happen to be on a really, really slow line, then there is some truth in that, but for most people, this is no longer an issue – so switch those updates back on!
(And remember… don’t open attachments from people you don’t know – and look closely at attachments from those you do – if it looks like an application, for example those files with the extension .EXE or .MSI, then don’t open that either. The easiest way for malware, especially bots, to be installed on your system is for you to be tricked into doing it!)
Guy Bunker
Understanding security threats

Last year we embarked on producing an occasional series of short videos looking at common internet threats and issues. So far they have covered: Phishing, Botnets, The Underground Economy and Drive-by Downloads.
We wanted them to be educational and have some humour to better educate people using the web at home and at work about how to protect themselves from common threats and risks. So far the initial 4 videos have gone down well, being posted on sites like YouTube and Facebook, as well as the Symantec website and even a number of online retailers.
The latest two videos in the series have just been finished. They are:
- Symantec Guide to Scary Internet Stuff – No 5 Misleading Applications
- Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
Please have a look at them, and also the other videos in the series, and if you have any thoughts for new topics we should cover, let me know.
Dominic Cook
Clever security screensaver

OK please forgive this little marketing-type plug…. but I think this is a great little tool….
As you no doubt know, Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network. More than 240,000 sensors in over 200 countries monitor attack activity through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services and Norton consumer products, as well as additional third-party data sources.
Symantec also gathers malicious code intelligence from more than 130 million client, server, and gateway systems that have deployed its antivirus products. Additionally, Symantec’s distributed honeypot network collects data from around the globe, capturing
And you can get access to all of this intelligence via a free screensaver which you can download to your PC which keeps you up-to-date on the threat landscape using a feed from Symantec’s DeepSight monitoring service. The ThreatCon rating in the screensaver also lets you know the current danger level of the Internet based on network incident and malicious code activity. The screensaver regularly updates itself when you are connected to the Internet.
All the technical details and the link to download the screensaver can be found here: http://go.symantec.com/screensaver
Dominic Cook
Top Web Threats in the History of the Internet

Wednesday 2nd September was the ‘official’ 40th anniversary of the Internet. To mark this important milestone we thought we’d take a look back at some of the most notorious threats ever seen online.
- I Love You (2000) – Who wouldn’t open an e-mail with “I Love You” in the subject line? Well, that was the problem. By May 2000, 50 million infections of this worm had been reported. The Pentagon, the CIA, and the British Parliament all had to shut down their e-mail systems in order to purge the threat.
- Conficker (2009) – The Conficker worm has created a secure, worldwide infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
- Melissa (1999) – Melissa was an exotic dancer and David L. Smith was obsessed with her and also with writing viruses. The virus he named after Melissa and released to the world on March 26th, 1999, kicked off a period of high-profile threats that rocked the Internet between 1999 and 2005.
- Slammer (2003) – This fast-moving worm managed to temporarily bring much of the Internet to its knees in January of 2003. The threat was so aggressive that it was mistaken by some countries to be an organized attack against them.
- Nimda (2001) – A mass-mailing worm that uses multiple methods to spread itself. Within 22 minutes, Nimda became the Internet’s most widespread worm. The name of the virus came from the reversed spelling of “admin.”
- Code Red (2001) – Websites affected by the Code Red worm were defaced by the phrase “Hacked By Chinese!” At its peak, the number of infected hosts reached 359,000.
- Blaster (2003) – Blaster is a worm that triggered a payload that launched a denial of service attack against windowsupdate.com, which included the message, “billy gates why do you make this possible? Stop making money and fix your software!!”
- Sasser (2004) – This nasty worm spread by exploiting a vulnerable network port, meaning that it could spread without user intervention. Sasser wreaked havoc on everything from The British Coast Guard to Delta Airlines, which had to cancel some flights after its computers became infected.
- Storm (2007) – Poor Microsoft, always the popular target. Like Blaster and others before, this worm’s payload performed a denial-of-service attack on www.microsoft.com. During Symantec’s tests an infected machine was observed sending a burst of almost 1,800 emails in a five-minute period.
- Morris (1988) – An oldie but a goodie; without Morris the current threat “superstars” wouldn’t exist. The Morris worm (or Internet worm) was created with innocent intentions. Robert Morris claims that he wrote the worm in an effort to gauge the size of the Internet. Unfortunately, the worm contained an error that caused it to infect computers multiple times, creating a denial of service.
For a complete A-Z list of all threats, visit the Symantec Security Response website: http://www.symantec.com/security_response/threatexplorer/azlisting.jsp?azid=W
Dominic Cook





