As the London 2012 Olympics opening event draws near, Trend Micro researchers have spotted spammed messages using the 2012 Olympics as bait. One is an email presented as a “winning notification”, another asks for personal details in exchange for a prize, and a third asks users to notify a specific contact person. Users who fall for any of these traps are at risk of having their information stolen or their machines infected with malware. Some spam may even lead to monetary loss.
Amit Nath, Country Manager – India and SAARC, Trend Micro, said, “Attackers are still using these because these scams are still giving them successful margins. Social engineering has worked for years and there are few signs of that changing. So long as users are still falling for this trap, scammers will continue to create new spam runs using events like the London Olympics to make a quick buck.”
Trend Micro researchers have also encountered several messages, supposedly related to the London 2012 Olympics, that arrive with attachments disguised as “winning notifications” containing the details of the prize. Curious users who download and open the attachments are actually executing malicious files.
The cyber criminals broke into one of the government servers and hacked as many as 27 websites of various departments of Andhra Pradesh, exposing the chinks in the state’s cyber security.
It is believed that the hackers did not deface the pages or steal the information but only added additional pages with their message.
The hacked websites include those of the commercial taxes, general administration, horticulture and factories departments, and those for gazette notifications and government orders.
Some Bangladeshi hacking groups are suspected to be behind the incident.
Ponnala Lakshmaiah, State Information Technology Minister, claimed, “There was no loss of data. One of the 50 government servers was hacked and 27 websites supported by the server were affected.”
The officials shared, “None of the websites had data relating to 2012-13 budget, which is to be presented in the state legislature Friday.”
Anam Ramnarayan Reddy, Finance Minister, denied that the website of the finance department was hacked. He also denied that the budget was leaked. The minister said the budget would be posted on the website only after it was presented in the budget.
Trend Micro researchers have come across a scam on Facebook that leverages the upcoming occasion. The attack begins with a post on an affected user’s wall inviting other users to install a Valentine’s theme on their Facebook profile.
Once users click on this post, they are redirected to another page that urges them to install the theme. Note that this attack only works on Google Chrome or Mozilla Firefox. Clicking the Install button on the page prompts the download of the malicious file FacebookChrome.crx, which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A runs a script that is capable of displaying ads from certain websites.
It also installs itself on the user’s browser as an extension named Facebook Improvement Facebook.com. Once this malicious browser extension is installed, it monitors the user’s browsing activity and redirects pages to a survey page that asks for the user’s mobile number. Users who click on the post using Internet Explorer (IE) are redirected to the same survey without being asked to download anything.
Suchita Vishnoi, Head – Marketing, Trend Micro (India & SAARC), said, “The fact that the attack itself is focussed on Chrome and Firefox may mean that cybercriminals are targeting extension-compatible browsers, as well as going after more popular browser choices. This is not the first attack of its kind, but considering this the extension-capable browsers are coming to the forefront now,” she further added. “Users are advised to inspect such links closely and to never click any of the links provided in these. It is typical for spammers to use prominent events/brands such as Reader’s Digest, or enticing contests to cloak their malicious schemes. Users should first verify with trusted sources about the existence of these promos to avoid becoming victims of such a ruse. Contacting the organization purportedly behind the message by other means such as actual onsite visitation or a call on their hotline should also work as a way to verify if the message itself is, in fact, true.”