RealTime IT News

Spammers Go for Olympics Gold

Spammers and cybercriminals are fanning the flames of the Beijing 2008 Olympics frenzy in a bid to get a cut of the take. And enterprises need to act now to avoid getting hammered.

The latest attack saw 57 e-mails containing press release and media information that appear to be from the International Olympic Committee (IOC) hitting 19 domains, according to MessageLabs, which provides managed secure electronic communications services.

These e-mails have an Adobe Acrobat PDF attachment which kicks off a malicious executable program when opened. The original e-mails were sent from international.olympic@gmail.com and international.olympic2008@gmail.com, according to MessageLabs.

Security experts say companies should take a two-pronged approach to the problem, focusing both on people and technology. On the people side, they should spell out their corporate policies on e-mail to staff and enforce them, and on the technology side, they should update patches on all their operating systems and applications, and take a layered approach to security.

Consumers have already been hit by Olympics-related scams. An Internet ticketing scam has victimized several people worldwide, and spammers have sent out an e-mail containing fake CNN News headlines that launch a virus into a user's system when the user clicks on them.

The spam containing fake CNN News headlines contains a link to a phony video and a message saying recipients must download a special player to view the video. Doing so would infect the user's computer.

Fighting the good fight

US-CERT, the United States Computer Emergency Readiness Team, which is a partnership between the Department of Homeland Security and the public and private sectors, issued a warning about this today. It said spam messages related to the Olympics and to fake CNN news reports prompt recipients to install a purported Flash Player update that is really malware.

US-CERT suggested users and administrators install antivirus software and update their virus signature files, and avoid clicking on unsolicited Web links received in e-mail messages. Its warning follows a security bulletin on the fake Flash Player issue put out by Adobe earlier this week.

Other Olympic-themed e-mails have subject lines such as "Beijing Olympics canceled, moving to Atlanta," "Obama buys 10 million Olympic ads," and "Athletes ponder wearing masks to fight pollution -- Olympics -- Yahoo! Sports," according to MessageLabs.

Enterprises can fight the blitz. They "should emphasize what their current policies are, and have multiple layers of protection in place and functional to thwart these attacks," Don Leatham, director of solutions and strategy at security management firm Lumension Security, told InternetNews.com.

"If their spam filters are tight, they'll want to make them tighter; if they have a layered approach where they also have antimalware, a patching policy and spam detectors, it may not be so important for them to specifically target Olympic-related spam attacks," Leatham added.

He expects most attacks to be through infected PDFs or through malware disguised as video players. However, these won't affect enterprises if they have their security systems up to date.

"These attacks usually go after known vulnerability points," Leatham said. "As long as your operating systems and applications are well patched, your antispyware is looking for those types of exploits, and you have application control and whitelisting in place so that only known good applications can run, you should be safe."

Whitelisting is a security approach that only lets in applications or users who have been approved. It is gaining ground as a security measure because IT security is finding it impossible to keep track of all the new malware being created.

"An independent third party review of antivirus solutions showed they were only catching about 80 to 90 percent of known virus signatures," Leatham said. "Every single vendor missed a different set."

Worse yet, malware has become polymorphic, which means it can change its name, the size of its files, and the sub-fields and DLLs (dynamic link libraries) it uses, so "keeping an up to date signature database of malware is almost impossible," Leatham added.

"A whitelist says 'These are the guys you can let in,' and nobody else can come in," Leatham said. "That's a lot easier task."
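As an added illustration (not code from the article, Lumension or MessageLabs), here is a small Python model of the contrast Leatham draws: a signature denylist keyed on the traits a polymorphic sample can change (file name, size, a byte pattern) beside a hash-based allowlist that only admits approved content. The "binaries", names and hashes are constructed stand-ins.

```python
import hashlib

# Constructed samples: byte strings standing in for executables (not real files).
APPROVED_TOOL = b"MZ\x90\x00approved-corporate-tool-v1"
KNOWN_BAD = b"MZ\x90\x00fake-flash-player-installer"

# Allowlist (whitelist): only content whose SHA-256 is approved may run.
# Because the hash covers the whole file, renaming or padding a sample
# produces a different hash and is simply not on the list.
ALLOWLIST = {hashlib.sha256(APPROVED_TOOL).hexdigest()}

# Signature denylist (traditional blacklist): keyed on file name, size and a
# byte pattern at a fixed offset, exactly the traits polymorphic malware varies.
DENYLIST = {("flash_update.exe", len(KNOWN_BAD), KNOWN_BAD[4:14])}


def allowlist_decision(contents: bytes) -> bool:
    """True if the program may run under the allowlist policy."""
    return hashlib.sha256(contents).hexdigest() in ALLOWLIST


def denylist_decision(name: str, contents: bytes) -> bool:
    """True if the program may run under the signature denylist."""
    return (name, len(contents), contents[4:14]) not in DENYLIST


def mutate(contents: bytes) -> bytes:
    """Constructed stand-in for a polymorphic variant: same payload, but the
    marker is shifted and the file is padded, so name/size/pattern all differ."""
    return contents[:4] + b"\x00" * 8 + contents[4:] + b"\x00" * 37


def compare(name: str, contents: bytes) -> dict:
    """Run both policies on one sample and report which would let it execute."""
    return {
        "denylist_allows": denylist_decision(name, contents),
        "allowlist_allows": allowlist_decision(contents),
    }


if __name__ == "__main__":
    print("approved tool:", compare("tool.exe", APPROVED_TOOL))
    print("known bad:    ", compare("flash_update.exe", KNOWN_BAD))
    # The renamed, resized variant slips past the signature but not the allowlist.
    print("variant:      ", compare("video_player.exe", mutate(KNOWN_BAD)))
```

The third case is the point of the quote: the denylist, which only knows the original name, size and byte pattern, lets the variant run, while the allowlist blocks it without ever having seen it.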