How cybercriminals tried to use Euro 2012

Euro 2012 became another tool in the hands of cybercriminals. They used the international soccer celebration as bait to lure Internet users to malicious websites. Trend Micro specialists uncovered a number of fake websites of this type.

One domain, many threats

While analyzing cybercriminal activity related to Euro 2012, Trend Micro experts identified the website uro2012.com, which impersonated the official website http://www.uefa.com/uefaeuro/. A scan showed that the website contained several malicious programs, including TROJ_FAKEAV.HUU, a version of FAKEAV. When launched, it displayed a screen imitating the result of scanning an infected computer. The purpose of the program is to induce the user to install a fake antivirus program, then purchase and activate its full version.

The FAKEAV activation page is actually a phishing tool, that is, a means of tricking users out of their sensitive data. It also turns out that TROJ_FAKEAV.HUU crashes Internet Explorer, Mozilla Firefox and Google Chrome.

On the same page, there is also a TROJ_LOADR.BGV file that links to three URLs and downloads the TSPY_ZBOT.JMO version of the ZBOT program. This type of malware phishes for online bank account details.

Malicious positioning

Cybercriminals also used the popularity of the June 21 Czech-Portugal national team match to manipulate the search ranking of a malicious website, a technique known as Blackhat Search Engine Optimization (BHSEO).

When the phrase “watch Portugal vs Czech Republic live match” was typed into a search engine, a malicious website appeared among the top-ranked results. When clicked, the user was redirected to a page with a video offer instead of the match broadcast page. Once the user accepted the offer, they were connected, without their knowledge, to related websites that tracked their location and IP address. In this way, fraudsters were able to earn money by using this data as access to websites with advertisements.

A similar attack was carried out during the England-Italy match. The website glandvsitalylivestreameuro2012online.com redirected users to the address http://www.og.com/2012/06/england-vs-italy-live-stream/, which allegedly offered access to a live broadcast of the match. In reality, the user was only taken to a page with a fake survey, which in turn led to related pages that collected data on visits to advertising websites.

Fake app for Chrome and clickjacking

Nigerian Euro 2012 scam

The wave of cyber attacks did not spare Facebook users either. On the most popular social networking site, a number of posts were observed that allegedly led to websites offering match streaming. However, just as in the case of the malicious browser app, these pages also redirected users further, allowing scammers to use the visits to make money from ads.
