World Cup Malware Ploy Targets Top Execs


With the FIFA World Cup soccer tournament less than two weeks away, hackers are stepping up their efforts to use one of the most important global sporting events to infect Internet users with malware and steal personal information.

According to security-software vendor Symantec (NASDAQ: SYMC), malware attacks using the 32-nation soccer extravaganza as a lure have become increasingly sophisticated and are targeting top executives at international manufacturing firms and inter-governmental agencies.

This type of targeted and socially engineered malware isn't new. Data thieves have been barnstorming the Internet with World Cup-related scams since March.

Symantec's MessageLabs officials said what differentiates these latest attacks -- beyond the fact that they're occurring much closer to the start of the World Cup -- is that hackers are repeatedly targeting the same victims and using more complex and official-looking attachments to do their dirty work.

"MessageLabs Intelligence frequently sees certain users in certain organizations attacked again and again, month after month, either by one gang, or by multiple gangs," researchers wrote in a blog posting. "The attackers clearly have these particular users in sight, and they are determined to get their attack through to them, and access their sensitive or valuable data."

The first round of crude World Cup-related scams originated from free Webmail accounts and carried .ZIP files containing a Microsoft Excel file that, if opened, would drop malware onto the recipient's PC and create a back door for hackers to exploit.

The attacks were fine-tuned in subsequent months, adding cut-and-pasted graphics and displays from prominent, legitimate World Cup sites and charities. These later versions embedded the malware in the more common .pdf and .exe files.

But in both cases, Symantec and other security software vendors say the executives and officials singled out in the first few runs were targeted at least twice by the same scam in a six-day period.

It was this same persistence and organizational knowledge that made it possible for hackers to successfully infiltrate three of the world's largest oil and natural gas companies for more than 18 months beginning in 2008.

In that highly publicized malware attack, hackers directed all their unsolicited and tailored e-mails toward specific executives with alarming success. The scheme managed to trick some executives into divulging key intellectual property, including research and locations for future oil reservoirs.

All of the major security software vendors are warning companies, organizations and consumers to be especially vigilant and skeptical of any unsolicited e-mails and attachments pertaining to the World Cup until the tournament's conclusion in mid-July.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.