Cybercriminals lure users into malicious schemes

Web pages leading to survey scam pages and ad tracking sites

By Naushad K. Cherrayil, Staff Reporter
June 27, 2012

Dubai: The ongoing 2012 Uefa European Championship has become the latest sporting event used by cybercriminals to lure users into their malicious schemes.

Security research firm Trend Micro has uncovered a malicious site with a domain name that copies the official UEFA Euro 2012 site and web pages leading to survey scam pages and ad tracking sites.

“It’s certainly not unusual for newsworthy events to be hijacked by online criminals searching for their next victim and of course the UEFA Euro 2012 is no exception,” Rik Ferguson, Director of Security Research and Communication at Trend Micro, told Gulf News.

“We spotted the site, which tried to mimic the official site. Upon investigation, this site actually hosts several malware, one of which is the FAKEAV variant TROJ_FAKEAV.HUU,” he said.

The FAKEAV “activation page” is actually a phishing page designed to trick users into giving out sensitive information. TROJ_FAKEAV.HUU was also found to disable web browsers.

The domain also hosts the file TROJ_DLOADR.BGV which connects to three different URLs to download the ZBOT variant TSPY_ZBOT.JMO. ZBOT variants are notorious information stealers that target users’ online banking login credentials.

Once executed in the system, this malware displays a supposed scan result of the infected system. This may prompt users to purchase the bogus antivirus program and activate the said product.

Criminals are using “all means at their disposal to interpose themselves between football fans and their games; scam websites, malicious email, social networks, poisoned web searches, affiliate advertising scams and phishing campaigns have all been deployed,” he said.

“Online criminals only want to make money, they don’t care if their malicious campaigns are as simple as a spam email or as complex as an advertising fraud network,” he said.

Cybercriminals also used the match between “Portugal and Czech Republic on June 21 as its social engineering ploy for Blackhat Search Engine Optimisation [BHSEO],” he said.

When users searched for the keywords “Watch Portugal vs Czech Republic Live”, the malicious site appeared as one of the top search results.

Users who click the result are redirected to a “video offer” page instead of a live video stream of the game. “If users choose the offer, it will unknowingly access affiliate sites that track users’ location and IP address. In doing so, scammers can earn money by using these details as page visits to their advertisements,” he said.

Unfortunately, he said that Facebook users were not spared from this threat.

“We’ve noticed several wall posts that purportedly lead to a video streaming page for the event. However, like the rogue web extension, the page too leads to affiliate sites that enable scammers to earn money from users’ visits,” he said.

Scammers are also trying to trick football fans with “scam messages claiming that the reader has won a EURO 2012 Cup promotion lottery with seemingly vivid explanation in detail how the recipient’s email address reached them and how it was selected as a winner out of huge number of other participants,” said FortiGuard Antivirus analyst at Fortinet.

“Cyber criminals will attempt to ‘cash in’ with a flood of malware attacks,” she said.

Anyone with ration “should take precaution of such bogus emails serving the purpose of luring readers into sharing personal data. Huge risky potentials are out there,” she said.
