    TrendLabs Security Intelligence Blog

    Archive for April 22nd, 2012




    The upcoming London Olympics is undoubtedly one of the most highly anticipated sporting events of the year. It is also a favorite social engineering ploy among cybercriminals. Just recently, we found an Olympics scam in the form of a lottery that promises a free travel package to the event. Some online crooks, however, played it differently this time. Instead of the typical Olympic-related scam in which users have supposedly won tickets to the event, this scam arrives as spam disguised as an email advisory.

    As mentioned, this scam comes in the form of email messages that warn recipients of fake websites and organizations selling tickets to the London Olympics 2012. These messages carry the official logo of the event, likely to convince users that they are legitimate. Included in the message is an attached .DOC file that supposedly lists these bogus ticket sellers. The attachment, however, is actually a malicious file detected by Trend Micro as TROJ_ARTIEF.ZIGS. The malware takes advantage of the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) to drop the backdoor BKDR_CYSXL.A. This backdoor may perform several malicious routines, including deleting and creating files and shutting down the infected system.

    Readers who frequently visit this site surely know that this is just one of the many Olympic-related scams that we have seen in the past. As early as October 2008, spam messages were found masquerading as Olympic 2012 lottery notifications. Other sports events like the Beijing Olympics in 2008 and the FIFA World Cup were also no strangers to this type of ruse.

    As the London Olympics 2012 draws near, we expect this type of threat to proliferate. Users should therefore make it a habit to check the legitimacy of any message before downloading its attachment or clicking the links included in it.

    Trend Micro users are protected from this threat via Trend Micro™ Smart Protection Network™, which detects and deletes all the related malware. Trend Micro Deep Security also shields systems from being exploited via Rule 1004498 – Word RTF File Parsing Stack Buffer Overflow Vulnerability.
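
    The check below is an added example, not Trend Micro code: a mail-gateway style triage that flags a .DOC attachment whose bytes are really RTF, as in the spam described above, and notes the `pFragments` shape property, the RTF field associated with CVE-2010-3333 (a detail from public analyses of that CVE, not from this post). The function names, finding labels and the sample message are constructed for illustration, and the sample carries no exploit content.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Lenient RTF header match: catches "{\rtf" and a header truncated to "{\rt".
RTF_MAGIC = re.compile(rb"^\s*\{\\rt")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of a genuine legacy .doc (OLE2)
# Shape property tied to CVE-2010-3333; its presence alone is a triage hint, not a verdict.
PFRAGMENTS = re.compile(rb"pfragments", re.I)

def triage_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    findings = []
    name = (filename or "").lower()
    is_rtf = bool(RTF_MAGIC.match(data[:64]))
    if name.endswith(".doc") and is_rtf:
        findings.append("rtf-content-in-doc-extension")
    elif name.endswith(".doc") and not data.startswith(OLE_MAGIC):
        findings.append("doc-extension-unknown-format")
    if is_rtf and PFRAGMENTS.search(data):
        findings.append("rtf-pfragments-property")
    return findings

def triage_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    report = {}
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        if filename:
            payload = part.get_payload(decode=True) or b""
            report[filename] = triage_attachment(filename, payload)
    return report

def build_sample():
    """Constructed sample: benign RTF saved as .doc, plus a stub with a real OLE2 header."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample advisory"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See the attached list.")
    rtf = rb"{\rtf1{\shp{\sp{\sn pFragments}{\sv 0}}}}"
    msg.add_attachment(rtf, maintype="application", subtype="msword", filename="list.doc")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 32, maintype="application",
                       subtype="msword", filename="real.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in triage_message(build_sample()).items():
        print(name, findings or "clean")
```

    A flagged attachment is a candidate for quarantine and sandboxing; legitimate RTF documents can also contain drawing shapes, so the second finding should raise priority rather than decide the outcome.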

    To learn more about previous threats that took advantage of the Olympics, the World Cup and other major sporting events, you may read our entry Sports as Bait: Cybercriminals Play to Win.

     
    Posted in Malware, Spam, Vulnerabilities


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.