World Cup 2014 Malware Threat

With the World Cup kicking off in Brazil today it seems an appropriate time to discuss the issues that such a large event can have on IT. In this the first of our three part World Cup series we focus on malware that is specifically targeted at exploiting football fans’ enthusiasm for this event that has an expected world wide audience in excess of a billion.

A growing trend seen by online security experts is for scammers to take advantage of the latest breaking news and major worldwide events to distribute malware and con potential victims. The World Cup is known to be the most widely-viewed sporting event in the world. Events that draw such pervasive and ongoing public interest will, without a doubt, be used to propagate socially-engineered crimes – where users are manipulated into performing certain actions or disclosing confidential information.

Major tournaments are a great source for entertainment; however, they are also a big opportunity for malware to be distributed.

 WC2014 malware graph

Spam with malicious attachments – Be wary of unsolicited World Cup-related messages with an attachment, particularly if the attached file is a PDF. One of the latest PDF attacks took advantage of an Adobe Reader vulnerability that was recently patched. Check that all applications and programs are patched and up-to-date.

Targeted phishing ploys – Expect to see a deluge of the following themes in World Cup-related phishing messages: refunds, tickets sales and lotteries, accommodation, travel, and team merchandise. If you receive an unsolicited message, delete it without opening.

SEO poisoning – Cyber scammers will likely poison search engine results using World Cup-related headlines and videos to lead to malicious sites in an attempt to push rogue (fake) security software and other types of malware.

Application downloads – With so many viewers planning to watch the games online, malware purveyors are sure to capitalize on ways to infect users looking to download media players. Vet any applications that allow you to stream World Cup content.

Legitimate sites serving malware – Malicious code can be hacked into vulnerable, legitimate websites in order to infect users. Legitimate World Cup-related sites will be attractive targets for cybercriminals. Make sure that you have core protection on your PC (anti-virus, anti-spyware, and firewall).