I recall watching a Sandra Bullock film called “The Net” in the mid-nineties. It was about a software engineer, played by Bullock, who inadvertently became entangled in a web of cyber espionage and eventually had to fight for her identity (and even her life) in a flood of harrowing situations. One of the key plots in the film was that Bullock’s character was a recluse, rarely leaving her house and having virtually no life outside of cyberspace. This plot angle was a direct result of the budding age of the Internet and spurred popular discussions about how this newfangled “world wide web” was going to turn us all into hermits, cut off and desensitized to the real world around us.
I don’t know about you, but I still enjoy a nice walk in the park and dinner out with friends. However, it would seem that at least one group among us has grown quite desensitized to the finer points of the real world; these days, it seems nothing is off-limits to cybercriminals.
Now I know that criminals are often predators that take advantage of others, but it seems as if cybercriminals are a special breed. They operate in the shadows of the digital world, never having to see the faces or personal sides of their victims. To them, their victims are nothing more than a means to a credit card number on a screen. Thus, we see them regularly trying to steal from computer users by exploiting even the most tragic situations: the crash of Air France Flight 447 last year and the recent Haiti earthquake are two that come to mind. In the case of the latter, cybercriminals even developed widespread scams trying to steal from good Samaritans attempting to donate to the relief efforts.
So, if the lowest of the low cybercriminals will exploit even the most tragic news event, think how many are trying to take advantage of computer users by capitalizing on any possible weakness—news related or not. It’s a bit of an eye opener.
With such a major world event as the 2010 FIFA World Cup nearly upon us, it’s more important than ever for computer users to be vigilant in protecting themselves. Symantec has historically observed that nearly every major sporting event quickly becomes the target of malware authors and spammers to some degree. Below are a couple of examples of some online scams we’ve recently seen around major sporting events.
This first e-mail, purporting to offer information about how to attend the NFL Pro Bowl 2010, is actually an underhanded pharmaceutical spam campaign:
This next screenshot is of poisoned search engine results involving the NFL’s Super Bowl XLIV that appeared not even 24 hours after the contenders were crowned as champions of their respective conferences. The popular search term “Super Bowl 2010 Score” brought up 26 dangerous websites among the first 100 results. Likewise, “Super Bowl 2010 Line” included 23 dangerous sites popping up among the first 100 results.
This screenshot shows a few of the malicious links that appear after searching for “Super Bowl 2010 Line”:
Attracting more than 1 billion soccer fans, Symantec anticipates that the World Cup (which starts on June 11) will be one of the most targeted events by malware authors and spammers this year. So, Symantec wants to beat cybercriminals to the punch. Today, Symantec announced a dedicated website, www.2010netthreat.com, which will feature data, commentary, safety tips, and useful links for soccer fans surfing the Internet for news, tickets, and information on the World Cup.
Symantec has already begun monitoring additional network sensors in southern Africa to analyze traffic and provide important security-related information to customers looking to secure their networks against additional World Cup-related threats. Much of the threat activity will not be new to the world of cybercrime: spam, phishing, identity theft, ticket scams, viruses, Trojans, drive-by downloads, and denial-of-service attacks targeted at anything associated with the World Cup.
We think the Net Threat site will go a long way in helping soccer fans stay safe online during the flurry of malicious activity we anticipate around the World Cup. However, computer users need to remember that online threats are always present and so online security best practices, such as the following, should always be adhered to:
• Always keep your entire computer system, including the operating system, applications, plug-ins, etc. up to date with the latest security patches.
• Have security software from a legitimate vendor up to date and running at all times.
• Never open email attachments from unfamiliar senders and even be wary of unexpected attachments from known senders.
• Don’t click on hyperlinks or URLs in emails from unknown senders or that seem strange.
• Don’t click on links in social networking messages, even if from a known “friend,” that seem out of character.
• Don’t accept social networking “friend” or “follower” requests from individuals you don’t know.
• Think twice before entering your real birth date or other sensitive information on social networking sites.
• Check your online account privacy settings regularly.
• Use complex and unique passwords for each of your online accounts, and change them frequently.
• Don’t share your passwords with anyone.
• Don’t answer yes when prompted to save your passwords to a computer. Instead, rely on strong passwords committed to memory or stored in a dependable password management program.