Euro 2012 became another tool in the hands of cyber criminals. They used the international soccer celebration as bait to lure Internet users to malicious websites. Trend Micro specialists uncovered a number of fake websites of this type.
One domain, many threats
Analyzing cybercriminals’ activity related to Euro 2012, Trend Micro experts identified a website
The FAKEAV activation page is actually a phishing tool – attacks that trick users out of their sensitive data. It also turns out that TROJ_FAKEAV.HUU crashes Internet Explorer, Mozilla Firefox and Google Chrome.
On the same page, there is also TROJ_LOADR.BGV file that links to three URLs and downloads TSPY_ZBOT.JMO version of ZBOT program. This type of malware phishes for online bank account details.
Cybercriminals have also used the popularity of the June 21 Czech-Portugal national team match to scam the positioning of a malicious website – known as Blackhat Search Engine Optimization (BHSEO).
After typing the string of words “watch Portugal vs Czech Republic live match” into a search engine (Watch Portugal vs Czech Republic match live), a malicious website appeared among the top positioned results. When clicked, the user was redirected to a page with a video offer instead of the match broadcast page. Once the user accepted the offer, without their knowledge, they were connected to related websites that tracked their location and IP address. In this way, fraudsters were able to earn money by using this data as access to websites with advertisements.
Another similar attack was carried out during the England-Italy match. The website
Fake app for Chrome and clickjacking
Nigerian Euro 2012 scam
The wave of cyber attacks did not bypass also people using Facebook. On the most popular social networking site, a number of posts were observed allegedly leading to websites offering match streaming. However, just like in the case of the malicious browser app, these pages also redirected users further, allowing scammers to use the visits to make money from ads.