Cyber-criminals are settings their sights on Olympic-affiliated sporting organisations, sending them fake International Olympic Committee (IOC) emails loaded with malicious payloads.
MessageLabs made note of the attack, which the vendor said targeted at least nine domains with 57 emails.
The emails contained a press release loaded with text stripped from the IOC’s website.
“The malware was hidden within an Adobe Acrobat PDF file attachment, using embedded JavaScript to drop a malicious executable program onto the target’s computer,” a statement from MessageLabs read.
Once loaded onto the target computer, the executable allows external parties to access confidential information on the infected computer.
Users would not realise they had been duped: while the PDF is actually blank, the executable file loads another PDF with information similar to that in the email itself, giving users the impression of an ordinary press release.
Thinking the email legitimate, many users forwarded it on to other news and sporting organisations, MessageLabs said, making the threat even more insidious.
Users are advised to be wary of emails originating from Gmail-based accounts with IOC-looking usernames, including international.olympic@gmail.com and international.olympic2008@gmail.com.
This attack follows several other Olympic-themed spam, malware and phishing based scams that have emerged in recent weeks.
