The Latest in IT Security

Illegal TV Cards Allowing Free Olympic Viewing Sold Online

27 Jul 2012

We found a spam mail written in Japanese leveraging the Olympics to sell illegal products. We fully expected this event to be used by cybercriminals to profit. It appears that among the first to strike are sellers of B-CAS cards for TVs, which are supposed to allow the users to watch the Olympics without paying.

These spammed messages, which have the subject line オリンピック全日程が見放題 (which translates to "Free access to all Olympic games"), contain a link that leads to websites selling the illegal B-CAS card. The message itself says that normally, you have to pay more than 400,000 Japanese yen (more than 5,000 US dollars) per year in order to watch premium channels. Instead, the (illegal) B-CAS cards allow you to watch these channels for free.

The website selling these illegal cards describes them as “miracle cards” in Japanese:

The order form – which asks the user for their name, email address, number of cards to be bought, shipping address, and contact information – does not use HTTPS, which all reputable vendors use to secure the transaction from possible interception. Not only is the site selling illegal goods, it’s set up in an insecure manner for any online commerce site.

Based on its IP address, we have identified the server as being located in Hong Kong. Other landing pages for sites also selling B-CAS cards are hosted on this server as well.

Here are some of the malicious URLs that we found on the server:


Note that the above URLs are all hosted on a single IP. The following diagram shows the relationship between the various sites and this single IP address, as well as the overall infection chain:

The Trend Micro™ Smart Protection Network™ protects users from this threat by preventing the spammed messages from even reaching users’ inboxes via the Email Reputation Service. It also blocks access to malicious sites via the Web Reputation Service. We have blocked more than 2,500 attempts from Japanese users to access these sites in the last 30 days.

We advise users to not purchase anything from these sites, as they could face criminal prosecution for merely buying these devices. Recently, the Kyoto Prefectural Police announced they had arrested both buyers and sellers of illegal B-CAS cards.
