Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    The long-awaited London Olympics 2012 has officially opened. Apart from the fraudulent website that claims to sell tickets and another website that sells illegal cards to Japanese users, we also spotted several fake live streaming sites leveraging this sporting event. Some of these are the following:

    • http://olympicsopeningceremony2012live.{BLOCKED}
    • http://olympicgames2012live.{BLOCKED}
    • http://olympics-2012-live-stream.{BLOCKED}
    • http://olypiccoverage2012.{BLOCKED}
    • http://{BLOCKED}12openinglivestream.{BLOCKED}
    • http://{BLOCKED}
    • http://{BLOCKED}
    • http://{BLOCKED}ndonolympics2012liveonline.{BLOCKED}
    • http://{BLOCKED}12olympicsonline.{BLOCKED}
    • http://{BLOCKED}12olympicsliveonline.{BLOCKED}
    • http://{BLOCKED}
    • http://{BLOCKED}12olympicsliveonline.{BLOCKED}
    • http://{BLOCKED}12olympicsliveonline.{BLOCKED}
    • http://{BLOCKED}12olympicsliveonline.{BLOCKED}
    • http://{BLOCKED}ympics2012livestreamfree.{BLOCKED}
    • http://{BLOCKED}donolympics2012liveonline.{BLOCKED}
    • http://{BLOCKED}12olympicsliveonline.{BLOCKED}
    • http://{BLOCKED}peningceremony2012.{BLOCKED}
    • http://{BLOCKED}

    When users searched for the keywords “watch london olympics opening ceremony live,” “watch london olympics online,” and “watch london olympics 2012 live,” the above-mentioned websites appeared as one of the top search results via Blackhat Search Engine Optimization (BHSEO).

    Upon analysis, some of these sites redirected to fake live broadcasts of London Olympics 2012 and contained a link for buying cheap albeit bogus tickets. The said URL has been previously discussed in this blog entry.

    Other fake live streaming sites redirect to another site requiring an email address. As such, cybercriminals can harvest email addresses, which may be used for their spamming activities.

    We were also alerted to reports of malicious websites disguised as the Google Play store. The webpage content is written in Russian language and has a search box. When users search for London Olympics-related application, a rogue application, London2012-Official game is seen. The said site also contains a QR code and download button. Once unsuspecting users clicked the download button, it redirects to a web hosting site that serves a variant of ANDROIDOS_SMSBOXER malware family. This malware is notorious for sending messages to premium numbers without the user’s consent.


    In the same bogus Google Play store, we also saw another rogue application (called The Dark Knight Rises mobile game) leveraging the movie, The Dark Knight Rises.

    Users are strongly advised to download apps related to London Olympics in the official Google Play store and watch live streaming on legitimate sites only.

    Trend Micro™ Smart Protection Network™ protects users from these threats by blocking all the related URLs and detecting the malicious file.

    For more information on threats leveraging sporting events like Olympics, visit Race to Security.

    Additional text provided by Fraud Analyst Paul Pajares.

    Hat tip to Jovi Umawing for first writing about the malicious Olympics-related app in Google Play store.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice