Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    We found a spam mail written in Japanese leveraging the Olympics to sell illegal products. We fully expected this event to be used by cybercriminals to profit. It appears that among the first to strike are sellers of B-CAS cards for TVs, which are supposed to allow the users to watch the Olympics without paying.

    These spammed messages – which have the subject line オリンピック全日程が見放題 (translated as Free access to all Olympic games in English) – have a link which leads to websites selling the illegal B-CAS card. The message itself says that normally, you have to pay more than 400,000 Japanese yen (more than 5,000 US dollars) per year in order to watch premium channels. Instead, the (illegal) B-CAS cards allow you to watch these channels for free.

    The website of these illegal cards describes these cards as “miracle cards” in Japanese:

    The order form – which asks the user for their name, email address, number of cards to be bought, shipping address, and contact information – does not use HTTPS, which all reputable vendors use to secure the transaction from possible interception. Not only is the site selling illegal goods, it’s set up in an insecure manner for any online commerce site.

    We have identified the server as being located in Hong Kong because of its IP address. Other landing pages for sites also selling B-CAS cards are located on this server as well.

    Here are some of the malicious URLs that we found on the server:

    • http://www.{BLOCKED}.com/
    • http://www.{BLOCKED}as.com/
    • http://www.{BLOCKED}atellite.net/
    • http://www.{BLOCKED}cas.com/
    • http://www.{BLOCKED}cesat.com/
    • http://www.{BLOCKED}dshop.net/
    • http://www.{BLOCKED}ear.com/
    • http://www.{BLOCKED}fect.com/
    • http://www.{BLOCKED}g-cas.com/
    • http://www.{BLOCKED}g-cas.net/
    • http://www.{BLOCKED}inareru.com/
    • http://www.{BLOCKED}lltv.com/
    • http://www.{BLOCKED}money-yes.com/
    • http://www.{BLOCKED}opping.biz/
    • http://www.{BLOCKED}s.com/
    • http://www.{BLOCKED}-satellite.com/
    • http://www.{BLOCKED}tylefree.com/
    • http://www.{BLOCKED}y2012.com/

    Note that the above URLs are all hosted on a single IP. The following diagram shows the relationship between the various sites and this single IP address, as well as the overall infection chain:

    The Trend Micro™ Smart Protection Network™ protects users from this threat by preventing the spammed messages from even reaching users’ inboxes via the Email Reputation Service. It also blocks access to malicious sites via the Web Reputation Service. We have blocked more than 2,500 attempts from Japanese users to access these sites for the last 30 days.

    We advise users to not purchase anything from these sites, as they could face criminal prosecution for merely buying these devices. Recently, the Kyoto Prefectural Police announced they had arrested both buyers and sellers of illegal B-CAS cards.

    With the Olympics only days away from starting, we expect other threats related to this event soon. Here are some blog entries and Web Attack entries that discuss similar threats:

    Web Attack Entries

    Malware Blog entries

    For complete information on the latest Olympic-themed threats—including quizzes and safety guides, you can visit Race to Security, the Trend Micro security guide to major sporting events such as the Olympics, by clicking the banner below:

    Related posts:





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice