As predicted by doom-mongers during 2012, large numbers of web domains that appear to be legitimate sites connected to the London Olympic Games are really covers for criminality, security company Zscaler has confirmed.
Using data drawn from its own customer base, Zscaler noticed that up to 80 percent of domains accessed with an Olympic theme appeared to be connected to one of three types of “spam or scam.”
These were typosquatting (occupying domains that are misspellings of popular domains), Adsense manipulations (sites created to appear prominently on search engines) and the most opportunist of all, “TV on PC” frauds drawing people with the promise of live coverage of events.
On top of this the company was among several companies warning about more convincing-looking Olympic scam sites that sprang up to sell people non-existent event tickets.
“I guess the good news is that most of the scams are targeting 'low hanging fruit' and don't involve sophisticated exploits,” said Zscaler’s Julien Sobrier.
While Zscaler’s alarm over Olympic exploitation is no doubt well-founded, are major events really that important to scammers in the grand scheme of things?
According to security company Blue Coat Systems, the Olympics are just a way for scammers to push cons that might be ignored at other times. According to its own research, at least 40 percent of malware is encountered through routine search engine poisoning, ahead of email at 11.6 percent.
It was also a myth that large events are the primary mechanism by which criminality pushes security threats such as malware; users were actually safer when searching for events with theme such as the Olympics, the death of Steve Jobs or celebrities including Lindsay Lohan than they were from “everyday” topics, the company said.
“These types of events [the Olympics] drive a lot of legitimate coverage from recognised news sources, therefore these news sources are always going to be ranked higher than some hacked blog or cobbled together bait page,” said Blue Coat System’s product marketing director, Dave Ewart.
“Someone is likely to click on a malicious website if it’s in the top results, but getting the website to rank above legitimate news sources, requires too much work. Instead, we are seeing that cybercriminals are targeting mundane topics, like ‘Pimms recipe’ or ‘children summer party games’,, which may be rarely searched for, but can therefore creep higher up the page rankings, he said.
“If they snare just one user with this technique, that’s a success.”
Celebrities, for instance, accounted for only 2.7 percent of a trawl of 2,300 poisoned search terms as against 42 percent for a multitude of mundane themes including “sample resume letters.”
Which company is right? Perhaps both.
The company didn’t break down large events such as the Olympics in these numbers, but it could be that Zscaler and Blue Coat Systems companies are simply looking at different elements of the same picture. Event scams are a small part of the overall criminal manipulation of search engines but it gets noticed more when those events are actually occurring.
The daily grind of search engine poisoning remains a mundane business built on trapping a small but economic haul of victims.