World Cup 2010 – will you get through without losing?

Filed Under: Malware, Spam

In 2006, Australia qualified for the World Cup by beating Uruguay in a final decider match at home in Sydney's Olympic Park. (The oddity of Australia qualifying via South America, not Asia, was finally rectified after the 2006 competition.)

John Aloisi slotted the winner in a penalty shootout, following an amazing save by Aussie goalkeeper Mark Schwartzer, putting Australia through to the finals for the first time since 1974. Aloisi removed his shirt, the stadium erupted, and celebrations broke out country-wide.

All but two of my colleagues in the Sydney office – which is, in general, rugby-mad and fairly dismissive of other football codes – were glued to the 2006 qualifying game, and remember it well. As one said, "I remember that there were saves, but I don't remember them happening. The only thing I remember was Aloisi slotting the goal, and taking his shirt off, and after that I don't remember much either, except that Australia had won." The smile, four years later, said it all.

Even I watched that game, and I'm not Australian, nor have I ever followed soccer other than very casually. (I have an intellectual objection to offside. Games which eschew it, like hockey and Australian football, are in my opinion greatly superior as a result.)

Why am I telling you this?

To remind you that World Cup fever is widespread, and that it provokes widespread behavioural changes, even in die-hard fans of other sports.

Of course, these behavioural changes occur on-line, too.

Cybercriminals love this. Let me demonstrate this by sharing a selective history of World Cup malware from 1998, 2002 and 2006.

For France 1998, the ZMK-J virus asked you to gamble on who would win. If you got the answer wrong, the malware triggered a warhead which was capable of wiping all the data off your hard drive.

In 2002, Chick-F spread via email and instant messages, posing as a web utility which would bring up-to-the-minute results from Korea and Japan.

And In 2006, German malware Zasran-D offered you a backdoor (remote access) virus under the guise of free tickets.

We've already seen loads of World Cup-related cybercriminal activity for 2010, and the pace of cybercriminality seems certain to hot up during the competition, as fans clamour for tickets, change their minds over what games they want to watch, and generally fling themselves into the fever of Africa's first-ever World Cup.

Don't let your guard down. And since many of us will know friends who are going to, or who are already in, South Africa, don't be fooled by Advance Fee Fraud criminals trying to scam you with sob stories about your buddies, using messages such as "HELP! I GOT MUGGED IN JOBURG GOT NO MONEY WIRE ME US$1000 RIGHT AWAY PLEASE".

If you do think your friends have got lost, or are stuck somewhere, or need some sort of assistance, use your common sense when getting ready to help them. Rushing out to Western Union to WIRE THEM $US1000 RIGHT AWAY is unlikely to help them. Or you.

, , , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog