Symantec Intelligence Report: July 2012
Attacks use Olympics as bait for spam, malware and phishing attacks; the state of Web attack toolkits in 2012
The Olympics is one of those rare occasions where the entire world comes together, setting aside various differences for the competition. The Games are a chance for each country to put their best foot forward and demonstrate their athletic skill and prowess. No doubt this spirit of goodwill generates a significant amount of excitement for athletes and spectators alike when it comes around every four years.
Unfortunately, it’s exactly this goodwill that attackers are attempting to prey upon. In this month’s Symantec Intelligence Report, we take a look at how attackers are using Olympic themed hashtags on Twitter to spread malicious code, bundling threats with popular Olympic-themed Android apps, and creating spam and phishing scams that pretend to be contests sponsored by credit card companies—all in the hopes of taking advantage of the excitement surrounding the event. There has also been a few instances of spammers attempting to trick users into downloading malware. For example, one spam email we’ve recently encountered includes a link to a website that mimics YouTube.
We also take a look at the increase in the use of attack toolkits (a.k.a. exploit kits) for spreading malicious code. The amount of attack toolkit activity on the threat landscape is now three times the average for the last six months of 2011. While the appearance and end result of such attacks has remained the same from an end-user point of view, there is a definite shift taking place in terms of how these attack toolkits are set up and administered. In the past toolkits were purchased as self-contained applications in underground marketplaces, the exploits used are now being sold as plugins for toolkit frameworks or the entire exploit process, hosting webserver included, is simply being rented out as a service. We also highlight a sometimes-overlooked impact toolkits can have on personal and small business websites—if your webserver isn’t properly patched and secured, it could play host to an attack toolkit.
The July Threat Intelligence Report is now available for download. We hope you enjoy this month’s issue.