Hi-tech thieves target Olympics

Hi-tech thieves target Olympics The Olympics has motivated many hi-tech criminals into launching attacks

The start of the Olympics has proved irresistible to cyber criminals, say security firms.

The volume of junk e-mail messages with an Olympic theme spiked prior to the opening ceremony, said Symantec.

The malicious messages try to trick people into visiting fake sites or opening booby-trapped e-mail attachments, say other firms.

Some messages falsely claim users have won an Olympic lottery and encourage them to respond to claim their prize.

Hack attack

"The Beijing Olympics is gearing up to be one of the biggest events of the year and hackers and spammers will see it as a massive opportunity to compromise the unwary," said Con Mallom, a spokesman for Symantec.

Symantec said the messages in the spam it had seen related to the games ran the gamut of modern security threats.

"Members of the public have to remember that they should not open e-mails or click on links from unknown sources, no matter how many gold medals they are offering," said Mr Mallom.

Rik Ferguson of Trend Micro said the games could inspire attacks on sites related to the games in a bid to compromise them. The hijacked sites would then be used to attack visitors keen to catch up with the sporting event.

The most effective way to avoid the pitfalls is to make your device an unattractive target Carole Thierault, Sophos

"We are fully anticipating malicious social engineering techniques to exploit people's interest in this event, luring unsuspecting users into clicking on compromised websites and into handing over sensitive personal information," he said.

Security firm Marshal said many of the malicious and junk messages emerging from the Rustock botnet were about the games.

A botnet is made up of a collection of home computers that have been hijacked by a gang of hi-tech criminals who then put it to a variety of ends. Some gangs simply vacuum up the personal data they find on compromised machines, others use the botnets to pump out spam or to attack other sites.

Phil Hay, lead threat analyst for Marshal, said e-mails sent out via Rustock to catch people out were getting more sophisticated. The latest batch appear to be about headline stories on CNN and many concern the Olympics.

Those clicking on the headlines get taken to a fake CNN video report and is asked to install a codec to watch the film. Those installing the codec become part of the Rustock botnet.

"As time has gone on, the criminals behind Rustock have adjusted the appearance and sophistication of their messages to become more convincing at fooling recipients into infecting themselves," said Mr Hay.

Most attacks are aimed at PCs running Windows

Security company MessageLabs said it was not just members of the public that were at risk. The company said it had seen a campaign that used e-mails crafted to look like they had been written by the International Olympic Committee.

The messages have been sent to those who are part of national sporting organisations or help train athletes.

Travelling with the fake messages is a booby-trapped Adobe PDF that, if installed, steals data from a compromised PC.

The vast majority of the computer security threats taking advantage of the Olympics are aimed at users of Windows PCs.

Carole Thierault, senior security consultant at Sophos, said to stay safe people should keep their anti-virus software up to date, use a firewall and install updates to Windows as they become available.

Of course hackers will do their best to capitalise on this event," said Ms Thierault. "The most effective way to avoid the pitfalls is to make your device an unattractive target.