Boost PC performance: How more available memory can improve productivity
FIFA Spam Targets Football Fanatics
1. Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.
ISSUE NO. 65
JUNE 7, 2010
FIFA Spam Targets Football Fanatics
Football season is definitely upon us. Football fanatics worldwide are all set to cheer for their teams and to proudly display their colors. Even the
players are intensifying their training and solidifying their strategies. With just days left before the highly anticipated opening of the “Fédération
Internationale de Football Association (FIFA) 2010 World Cup,” the world can expect that even cybercriminals will step up their game.
The Threat Defined
Cybercriminals have long been leveraging sports events for their profiteering schemes. The list of such attacks
include those related to the “2008 European Soccer Championships”; the Pacquiao-Clottey boxing match; the “2010
Vancouver Winter Olympics”; and the upcoming “2012 London Olympics,” spam for which made the inbox rounds
four years before the actual event is even set to take place.
Riding on the popularity of sports events is a tried-and-tested technique that cybercriminals continue to use even
now. The “2010 FIFA World Cup” is no exception. In January 2009, an early 2010 FIFA spam tried to trick recipients
SM
into believing they won an online sweepstakes draw. More recently, TrendLabs engineers encountered two
separate spam runs leveraging the upcoming “2010 FIFA World Cup.”
Two Players, One Goal
The first spam sample instructed
users to open and view a .DOC
file attachment to learn more
about the supposed FIFA-
organized “Final Draw” contest’s
prizes. The file also informs the
recipients about a US$550,000
prize that seven lucky winners will
receive should their names be
drawn. To claim their prizes,
however, the “winners” must
immediately coordinate with a
releasing agent via the contact
information indicated in the email.
The said winners must also
provide the requested data, which
includes personally identifiable
information (PII) such as their
marital status, company name,
email address, and full mailing
Figure 1. FIFA-related spam run infection diagram
address.
The second spam sample arrived with a .PDF file attachment, a poorly worded letter asking the recipients to divulge
specific information in relation to a supposed fund transfer transaction worth US$10.5 million. Upon agreeing to the
proposal, the recipients should supposedly get 30 percent of the said amount, reminiscent of the infamous 419 or
Nigerian scam, which persuaded users to send cash in exchange for a larger amount of money in return for their
cooperation.
The Laws of the Spamming Game
Over the years, spammers have been refining their techniques and been resorting to a variety of social engineering
tactics in order to trick users into clicking malicious links or into downloading malicious files. The most popular
spamming techniques include sending out medical or pharmaceutical ads, holiday-related messages, bogus email
notifications, and messages leveraging timely newsworthy events.
1 of 2 – WEB THREAT SPOTLIGHT
2. Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.
Despite ever-evolving tactics, however, spammed messages exist for one reason alone, that is, to further
cybercriminals’ malicious schemes. The arrival of spammed messages in users’ inboxes alongside legitimate email
messages increases the probability that the recipients would open even the malicious mail. Furthermore, the
varying techniques spammers use to create malicious messages is an added challenge to users and security
experts alike when classifying messages.
User Risks and Exposure
The “2010 FIFA World Cup” is slated to open on June 11 in South Africa. Since this is the first time the games will
be held on African soil, it can be expected that football fanatics—and possibly even other Africans remotely
interested in the game—will constantly be on the lookout for news about the event. Add to this the fact that FIFA
games are mostly well attended. This year’s event has an expected audience of 3 million international visitors and
as many as 400 million live television viewers. While a good portion of these figures includes a chunk of the
265 million football players worldwide, it still cannot be denied that the “World Cup” does draw in a crowd.
Also noteworthy is the fact that the official “World Cup” site, fifa.com, has received a noticeable increase in hits
beginning April. Based on the site statistics, the top search queries include “FIFA” and “world cup 2010”—the same
keywords that spammers are using in related attacks. The numbers from Google Trends likewise show that interest
in the phrase “world cup” has increased by three times over the 2010 average as of this writing.
With millions of fans actively searching the Internet for more information on the “World Cup,” it is no surprise that
cybercriminals are likewise maximizing the Web to further their malicious activities. By consistently leveraging hot
topics, cybercriminals are likewise ensuring the continued profitability of their schemes.
This widespread attraction increases the potential harm that spammed messages leveraging the event pose. These
FIFA-related scams can already be considered part of football tradition, given the fact that they are a recurrent part
of the threat—and even the football landscape. In fact, even FIFA has issued a warning that fans should be wary of
email scams and Internet hoaxes.
While in both spam runs, the messages did not directly ask for cash, arrive with malware, or led to malicious sites,
they did pose identity theft risks to users. By requesting PII from the recipients, users’ private information and
security may be compromised.
Trend Micro Solutions and Recommendations
Trend Micro™ Smart Protection Network™ infrastructure delivers security that is smarter than conventional
approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network™ combines unique
in-the-cloud reputation technologies with patent-pending threat correlation technology to immediately and
automatically protect your information wherever you connect.
In this attack, Smart Protection Network’s email reputation technology blocks all emails related to the spam runs.
The following post at the TrendLabs Malware Blog discusses this threat:
http://blog.trendmicro.com/latest-online-scam-targets-fifa-fans/
Other related posts are found here:
http://blog.trendmicro.com/spam-buys-tickets-to-euro-2008/
http://blog.trendmicro.com/pacquiao-clottey-live-streams-lead-to-fakeav/
http://blog.trendmicro.com/search-for-“winter-olympics”-and-take-your-pick—fakeav-or-bogus-windows-media-player-updates/
http://blog.trendmicro.com/a-very-early-london-olympics-scam/
http://blog.trendmicro.com/scammers-attempt-to-score-through-the-fifa-world-cup/
http://www.419scam.org/emails/2009-06/30/00934224.4.htm
http://blog.trendmicro.com/fake-pharma-ads-flood-inboxes-again/
http://blog.trendmicro.com/spammers-celebrate-mothers’-day/
http://blog.trendmicro.com/fake-it-email-notification-spreads-malicious-pdf/
http://blog.trendmicro.com/shanghai-expo-spam-carries-backdoor/
http://blog.trendmicro.com/category/spam/
http://www.southafrica.info/2010/worldcup-overview.htm
http://www.goal.com/en/news/1863/world-cup-2010/2010/05/29/1947801/world-cup-viewing-figures-prove-that-this-really-is-the-
http://www.fifa.com/worldfootball/bigcount/index.html
http://www.alexa.com/siteinfo/fifa.com
http://www.google.com/trends?q=World+Cup&ctab=0&geo=all&date=2010&sort=0
http://www.theregister.co.uk/2010/06/01/world_cup_net_threats/
http://www.fifa.com/worldcup/organisation/ticketing/authorisedticket.html
2 of 2 – WEB THREAT SPOTLIGHT