A recent report from computer security giant Symantec, developer of the Norton range of anti-virus products, confirms that World Cup hackers see the world’s premier footballing event as a great opportunity to launch malware and spam attacks.

The antics of the World Cup hackers appears in the companies June 2010 MessageLabs Intelligence report.

The report noted that way before the tournament kicked off, the World Cup hackers had kicked off themselves. Its reckoned that the percentage of spam related to soccer and football keywords approached 25% of all global spam traffic in the run-up to the event.

Paul Wood, Senior Analyst at MessageLabs Intelligence, said about the World Cup hackers:
“Right now, spammers are reliant on the massive wave of excitement and expectation that typically surrounds an event like the FIFA World Cup. Riding this wave, spammers get the attention of their victims by offering products for sale or enticing them to click on a link. It is not uncommon for the event to appear in the subject line of an email but for the body of the same email to be completely unrelated.”

And some of the World Cup hackers are a sophisticated bunch. Shortly before the tournament kick-off, the team at MessageLabs picked up a run of nearly 50 targeted malware emails. These were being sent to managers in Brazilian companies and were designed to get the recipients to intentionally compromise their corporate computer systems. It was a clever, dual-pronged attack. The delivery vehicle (the email) had a spiked PDF attachment and an embedded malicious link. It was figured that many of the anti-virus systems would pick-up the PDF, but then clear the email with the malicious link.

Said Wood again:
“Skilled and calculating spammers have gone to great lengths to disguise what the JavaScript actually does. Deceiving recipients into opening a message that contains unrelated content is an approach commonly used with malware. We expect to see more of these attacks as the football tournament continues.”

The report highlights not only the activity of World Cup hackers of course, but also a raft of other malicious activities.

The report stated that in June 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was down slightly – a decrease of just under 1% since May – but still equated to one in 1.12 emails (a touch under 90%).

As to viruses delivered by email from new and previously unknown bad sources, this had also slightly decreased since May, coming in at one in 276 emails (or 0.4%).

Endpoint threats continue to be tricky, as much malware is now delivered via popularly used removable drives, in the form of Trojans and worms. One of the nastiest of this bunch continues to be the Sality.AE virus.

Phishing also took a slight holiday in June, compared with May, dipping by 0.26% and accounting for one in 634 emails ((0.16%).

As for web security, the report stated that just over 30% of the malicious domains blocked were new in May, a decrease of 1.5%. What’s more, 12.4% of all web-based malware blocked was new in June; an increase of 0.1% since last month.

Guest Article by Neil Camp