Search engine results serve fake Olympics Games domains

But are big events that important?

As predicted by doom-mongers during 2012, large numbers of web domains that appear to be legitimate sites connected to the London Olympic Games are really covers for criminality, security company Zscaler has confirmed.

Using data drawn from its own customer base, Zscaler noticed that up to 80 percent of domains accessed with an Olympic theme appeared to be connected to one of three types of "spam or scam."

These were typosquatting (occupying domains that are misspellings of popular domains), Adsense manipulations (sites created to appear prominently on search engines) and the most opportunist of all, "TV on PC" frauds drawing people with the promise of live coverage of events.

On top of this the company was among several companies warning about more convincing-looking Olympic scam sites that sprang up to sell people non-existent event tickets.

"I guess the good news is that most of the scams are targeting 'low hanging fruit' and don't involve sophisticated exploits," said Zscaler's Julien Sobrier.

While Zscaler's alarm over Olympic exploitation is no doubt well-founded, are major events really that important to scammers in the grand scheme of things?

According to security company Blue Coat Systems, the Olympics are just a way for scammers to push cons that might be ignored at other times. According to its own research, at least 40 percent of malware is encountered through routine search engine poisoning, ahead of email at 11.6 percent.

It was also a myth that large events are the primary mechanism by which criminality pushes security threats such as malware; users were actually safer when searching for events with theme such as the Olympics, the death of Steve Jobs or celebrities including Lindsay Lohan than they were from "everyday" topics, the company said.

"These types of events [the Olympics] drive a lot of legitimate coverage from recognised news sources, therefore these news sources are always going to be ranked higher than some hacked blog or cobbled together bait page," said Blue Coat System's product marketing director, Dave Ewart.

"Someone is likely to click on a malicious website if it's in the top results, but getting the website to rank above legitimate news sources, requires too much work. Instead, we are seeing that cybercriminals are targeting mundane topics, like 'Pimms recipe' or 'children summer party games',, which may be rarely searched for, but can therefore creep higher up the page rankings, he said.

"If they snare just one user with this technique, that's a success."

Celebrities, for instance, accounted for only 2.7 percent of a trawl of 2,300 poisoned search terms as against 42 percent for a multitude of mundane themes including "sample resume letters."

Which company is right? Perhaps both.

The company didn't break down large events such as the Olympics in these numbers, but it could be that Zscaler and Blue Coat Systems companies are simply looking at different elements of the same picture. Event scams are a small part of the overall criminal manipulation of search engines but it gets noticed more when those events are actually occurring.

The daily grind of search engine poisoning remains a mundane business built on trapping a small but economic haul of victims.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place