The notifications sent by cybercrooks carry a dangerous attachment

Apr 23, 2012 12:44 GMT

Experts warned that this year cybercriminals would rely on London 2012 Olympics schemes to spread malware or to defraud unsuspecting users. The predictions came true, and, as Trend Micro researchers demonstrate, the plots are highly clever.

The title is not incorrect! The fraudsters actually send spam emails, urging recipients to be on the lookout for bogus websites that claim to sell tickets for the big event.

“Don’t be fooled by bogus websites and organizations claiming to sell tickets to the Games. Tickets will be available from this website, for the UK and EEA (European Economic Area) residents only, and official London 2012 sales channels from spring 2011. You will not be asked to make a payment or sign a contract until then,” reads the email.

The part that follows tells recipients to download an attachment to see the list of sites and organizations that are illegally selling tickets.

In reality, the attached document is nothing more than a Trojan identified by Trend Micro as TROJ_ARTIEF.ZIGS, a malicious file designed to exploit a vulnerability in Microsoft Office in order to drop the BKDR_CYSXL.A backdoor.

The backdoor then allows the cybercriminal who controls it to perform a number of malicious actions, including deleting files and shutting down the system.

With the London 2012 Olympic and Paralympic Games approaching fast, we can expect more of these types of schemes to land in our inboxes. That is why users are advised to act with caution when coming across such emails.

Just because such emails display the official Games logo doesn’t mean that they are legitimate. Also, it’s good to remember that links are just as dangerous as attachments because they can always point to a malware-serving compromised site or to a phishing page that tries to collect credit card information in return for event-related services or products.