World Cup warning: think before you click

June 5, 2006

Australia
5 June 2006

The World Cup promises to serve up a smorgasbord of online distractions for those who want to keep up-to-the minute with all the latest action, but security experts are warning users to think before they click.

Attempts to access game results, previews and web-streamed replays are expected to add up to 12.5 million hours of lost productivity at work, churn through corporate bandwidth, and cost local businesses an estimated $290 million, said security company Marshal.

FIFAworldcup.com is already planning to make free two-minute clips of each game available as close as possible to final whistle, which means for football followers, accessing the internet while at work could become their key source for match news and highlights.

Ed Macnair, chief executive of Marshal advises companies to implement policies limiting online access to certain sites to lunch time, or before and after working hours to control productivity and corporate bandwidth issues.

"Every major sporting event sees the same pattern. Because of the popularity of football and the qualification of the Socceroos, the four weeks of the World Cup are certain to be some of the least productive of the year," he said.

But it is not only the threat of lost productivity that is bothering security companies. A number of viruses and trojans have already been sent out via spam to fool users into thinking they are linking up to one of the many internet sites cashing in on World Cup fever by offering relays, scores and results online.

Sophos said it had already detected a two trojans seeking to exploit interest in the World Cup.

The first to appear was trojan Haxdoor-IN, which posed as a World Cup wallchart for fans wanting to follow their favorite teams. Once downloaded, the trojan would give hackers back-door access to their computer. Although the spam email was written in German, Sophos said it could easily be adapted for use in other languages.

The most recent threat to be circulated is called the Dropper-KG, which takes the form of a software installer that includes a copied version of a freeware World Cup results-tracking spreadsheet, lending it an air of legitimacy.

According to Joel Camissar, managing director of Websense, internet users should treat all World Cup related email attachments with suspicion, and even be wary of conducting Google searches on topics such as their favourite Socceroo.

"A link may direct you to a less than reputable site which is looking to exploit vulnerabilities such as that recently found in Internet Explorer. If the user hasn't got the latest patch, their PC could become infected just by looking at a picture," he warned.

Source: http://www.theage.com.au/news/security/world-cup-warning-think-before-you-click/2006/06/02/1148956535833.html