Lavasoft Security Experts Warn of Top Five Online Risks Surrounding the FIFA World Cup

Gothenburg, Sweden
(June 3, 2010)
-

Well-known anti-spyware pioneer Lavasoft today warned computer users to be aware of stealthy online traps set by cyber criminals to leverage public interest surrounding the 2010 FIFA World Cup – and issued advice to follow to make sure people enjoy the month-long tournament without becoming the target or victim of an attack.

A growing trend seen by online security experts is for scammers to take advantage of the latest breaking news and major worldwide events to distribute malware and con potential victims. The World Cup, which begins in only one week and lasts throughout mid July, is known to be the most widely-viewed sporting event in the world. Events that draw such pervasive and ongoing public interest will, without a doubt, be used to propagate socially-engineered crimes – where users are manipulated into performing certain actions or disclosing confidential information, according to the security analysts at Lavasoft Malware Labs.

“Cyber criminals know that they can exploit popular international events to lure victims through various types of social engineering tactics. The World Cup is a prime target due to its prestige and the amount of interest it draws from fans around the world,” says Andrew Browne, head of Lavasoft Malware Labs.

Lavasoft Malware Labs' analysts anticipate that the following five online security risks will be most prevalent leading up to and during the World Cup – and offers specific steps to take to avoid becoming a victim.

  1. Spam with malicious attachments. Be wary of unsolicited World Cup-related messages with an attachment, particularly if the attached file is a PDF. One of the latest PDF attacks took advantage of an Adobe Reader vulnerability that was recently patched. “Check that all applications and programs are patched and up-to-date. Turn on Windows automatic updates and make sure to have the latest security patches from Microsoft installed,” Malware Labs says.
  2. Targeted phishing ploys. Malware Labs expects to see a deluge of the following themes in World Cup-related phishing messages: refunds, tickets sales and lotteries, accommodations, travel, and team merchandise. “If you receive an unsolicited message, delete it without opening,” Malware Labs says.
  3. SEO poisoning. Cyber scammers will likely poison search engine results using World Cup-related headlines and videos to lead to malicious sites in an attempt to push rogue (fake) security software and other types of malware. “Check all URL's carefully before clicking on them, and be especially mindful of only using trusted sites during this time,“ Malware Labs says.
  4. Application downloads. With so many viewers planning to watch the games online, malware purveyors are sure to capitalize on ways to infect users looking to download media players. “Vet any applications that allow you to stream World Cup content,” Malware Labs says.
  5. Legitimate sites serving malware. Malicious code can be hacked into vulnerable, legitimate websites in order to infect users. Legitimate World Cup-related sites will be attractive targets for cybercriminals. “Make sure that you have core protection on your PC (anti-virus, anti-spyware, and firewall). Consider using an alternate browser, like Google Chrome or Mozilla Firefox, rather than Internet Explorer. If you use Firefox, install the NoScript plug-in for Firefox to intercept potentially malicious scripts (http://noscript.net/),” Malware Labs says.

Lavasoft also encourages employers to help guard their company, organization or network from World Cup-related risks by educating employees who may be searching online for news and video related to the games during work hours.

“The target of these types of social engineering attacks is the computer user, where infection occurs by the person making an interactive choice. We hope that sports fan watching the games online from their home or office – in addition to having anti-malware protection on their PC's – pay close attention to the types of threats that we anticipate will be prevalent so they have a better understanding of what not to click, download, or respond to,” Browne says.