The Latest in IT Security

The long-awaited London Olympics 2012 has officially opened. Apart from the fraudulent website that claims to sell tickets and malicious website that sells illegal cards to Japanese users, we also spotted several fake live streaming sites leveraging this sporting event. Some of these are the following:

• http://olympicsopeningceremony2012live.{BLOCKED}d.com
• http://olympicgames2012live.{BLOCKED}d.com
• http://olympics-2012-live-stream.tumblr.com
• http://olypiccoverage2012.{BLOCKED}d.com
• http://{BLOCKED}12openinglivestream.{BLOCKED}d.com
• http://{BLOCKED}livestream.epl-schedule.com
• http://{BLOCKED}ingceremony2012live.blogspot.com
• http://{BLOCKED}ndonolympics2012liveonline.{BLOCKED}g.com
• http://{BLOCKED}12olympicsonline.{BLOCKED}log.com
• http://{BLOCKED}12olympicsliveonline.{BLOCKED}o.com
• http://{BLOCKED}ndonolympicsliveonline.tumblr.com
• http://{BLOCKED}12olympicsliveonline.{BLOCKED}w.com
• http://{BLOCKED}12olympicsliveonline.{BLOCKED}b.com
• http://{BLOCKED}12olympicsliveonline.{BLOCKED}ner.com
• http://{BLOCKED}ympics2012livestreamfree.{BLOCKED}d.com
• http://{BLOCKED}donolympics2012liveonline.{BLOCKED}g.com
• http://{BLOCKED}12olympicsliveonline.{BLOCKED}b.com
• http://{BLOCKED}peningceremony2012.{BLOCKED}b.com
• http://{BLOCKED}urnal.co.uk

When users searched for the keywords, “watch london olympics opening ceremony live,” “watch london olympics online,” and “watch london olympics 2012 live,” the above-mentioned websites appeared as one of the top search results via Blackhat Search Engine Optimization (BHSEO).

Upon analysis, some of these sites redirected to fake live broadcast of London Olympics 2012 and contained a link for buying cheap albeit bogus tickets. The said URL has been previously discussed in this blog entry.

Other fake live streaming sites when clicked will redirect to another site requiring an email address. As such, cybercriminals can harvest email addresses, which may be used for their spamming activities.

We were also alerted to the reports of malicious websites disguised as Google Play store. The web page content is written in Russian language and has a search box. When users search for London Olympics-related application, a rogue application, London2012-Official game is seen. The said site also contains a QR code and download button. Once unsuspecting users clicked the download button, it redirects to a web hosting site that serves a variant of ANDROIDOS_SMSBOXER malware family. This malware is notorious for sending messages to premium numbers without the user’s consent.

 

In the same bogus Google Play store, we also saw another rogue application (called as The Dark Knight Rises mobile game) leveraging the movie, The Dark Knight Rises.

Users are strongly advised to download apps related to London Olympics in the official Google Play store and watch live streaming on legitimate sites only.

Trend MicroT Smart Protection NetworkT protects users from these threats by blocking all the related URLs and detecting the malicious file.

For more information on threats leveraging sporting events like Olympics, visit Race to Security.

Additional text provided by Fraud Analyst Paul Pajares.

Hat tip to Jovi Umawing for first writing about the malicious Olympics-related app in Google Play store.