New spam campaign targets Olympic Games fans

June 19, 2008 Sophos Press Release

IT security and control firm Sophos is warning computer users to be on their guard against unsolicited emails following the discovery of a new malicious spam campaign that claims another earthquake has just occurred in China, and could derail the upcoming Olympic Games.

Samples intercepted by SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, contained the subject line 'Million dead in Chinese quake' and a link to a .cn domain webpage that claims that an earthquake measuring 9.0 on the Richter scale has hit Beijing, causing millions of casualties and putting the 2008 Olympic Games at risk of failure. The webpage contains a link to a video that claims to show additional details of the disaster. In fact, when clicked, the link downloads malware known as Nuwar-E onto the user's computer.

"The recent Chinese earthquake is still so fresh in people's minds, that many computer users won't think twice before opening this email and clicking on the link," said Carole Theriault, senior technology consultant at Sophos. "The spammers are using one of the most common tricks in the book in an attempt to spread their malware, and if people continue to open unsolicited emails, unfortunately the spammers will continue. All computer users need to think twice before opening messages from people they don't know - the chances are it will be spam and could result in your computer becoming infected."

Sophos experts note that by using the highly-anticipated Olympic Games due to take place in Beijing in August, the spammers are hoping to take advantage of the excitement surrounding the event in order to trick unsuspecting computer users into downloading their malware.

"We're likely to see more spam messages referencing the upcoming Olympic Games as we get nearer to the event," continued Theriault. "Spammers will be hoping that computer users will be so eager to find out more that they'll forget their common sense when it comes to their emails."

This is not the first time that spammers have used Chinese domains as part of their spam campaigns. Earlier in 2008, a promotion invited people to register .cn domains for a mere one Yuan (GBP 7 pence). Sophos experts note that such a low cost is attractive to spammers as they can register hundreds of new domains and rotate them every few minutes during a spam run in order to bypass spam filters that use URL blocklists.