Hitmetrix - User behavior analytics & recording

Spammers target Olympics-linked organizations

In addition to the world’s best athletes and sports fans, the 2008 Olympic Games are bringing out the spammers.

A new spam attack is aimed at sporting organizations that work with Olympic athletes, according to MessageLabs.

Big news or other subjects of global interest are often used to get people to open malicious e-mails. “A lot of malware attacks like to use news hooks to get people to open the e-mails,” said Paul Woods, senior analyst at MessageLabs. “We’ve seen attacks specifically targeted at national sporting organizations that are involved with the Olympics in some way.”

These spam messages, which have been targeting 19 different domains and originated from a Google Gmail address, are dressing up the message to appear as though it is from the International Olympic Committee. Malware is hidden within an Adobe Acrobat PDF file attachment — when a recipient clicks on an attachment, the infected file automatically opens Adobe reader and the embedded JavaScript drops a malicious executable program onto the target’s computer. This then compromises the infected computer allowing confidential information to be leaked to an external party.

“The PDF opens just like a press release, which these organizations are used to getting at this time,” Woods added.

Woods would not say which organizations had been attacked, but did say that they are firms that work directly with Olympics-related sporting issues.

Although the initial PDF is blank, when opened it contains similar information to the press release used in the e-mail body to convince the user that it is genuine.

Related Posts