[Caution] Scam about London Olympic 2012

1. Introduction

INCA Internet Emergency Response team detected scams about London Olympic 2012.
There are various sports events in the world such as Olympic, world cup, champions league final and super bowl.
This Olympic also can be a source of social engieering to spread malicious files.
Furthermore, those events can be used as a scam with disguising as a free entrance ticket or special event.



2. Real case of security threat

On April 3rd, malicious e-mail disguised as a London Olympic ticket has been detected, which used CVE-2010-3333 MS Office security hole.

Following figure is about London Olympic.

Clicking link will redirect user to following site.

This case installs malicious file with using MS Office security hole.

Its file name is "Early Check-In 2012 London Olympics.doc" and it shows as following.

When document file is opened on vulnerable system, it will create normal document file and malicious file 'explorer.exe' on temp folder.

3. Summary

Various security threats about 2012 London olympic will be expected to emerge; therefore, we need to be careful on checking e-mail and its attachment about same contents.

CVE-2010-3333 can be detected by our nProtect product.

To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.

t 제품입니다.