Remember when throwing a sheep at your friend was one of the most fun things to do on Facebook? Well, today the world’s largest social networking site is all grown up and celebrates its tenth year in existence. Happy Birthday, Facebook! Here are 10 fun facts you can think about while Facebook’s 6,300 employees worldwide […]
Scammers are taking advantage of recent Super Bowl social buzz in a scheme which target entrants of an Esurance contest. The company premiered a commercial following Super Bowl, where they offered US$1.5 million dollars to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.
Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:
There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing to do with the brand. An example is an account named @HelpfulTips, whereby the “l” in Help is the capitalized letter “i”.
This account, created in December 2012, has racked up thousands of followers but performed an “account pivot” during the contest–it changed its avatar, bio and header image, and claimed to be part of the Esurance giveaway. The account added thousands of Twitter followers and received more than 40,000 retweets for a tweet related to the contest overnight.
Figure 1: Twitter account which claims to be associated with the Esurance giveaway
Earlier this afternoon, it performed yet another account pivot–after gaining enough followers from the Esurance tweets, it reverted back to a LifeHacks account.
Figure 2: Fake Esurance account pivots back after gaining thousands of followers
Many accounts of such nature focus on gaining retweets and followers, but Symantec has identified further abuse. For example, one of the fake Esurance accounts has asked its followers to donate money to increase their chances of winning the contest:
Figure 3. Twitter account asks for donations to increase their chances of winning the contest
This campaign was shut down quickly, but already received US$261 in donations by then.
These accounts could also be used to send phishing links to followers, asking them to login to Twitter to earn more entries in the contest.
Why are these accounts being created in the first place? By riding on the popularity of the contest and the hashtag, some of these accounts have gained anywhere between 1,000 to 100,000 followers. After that, the owners of these accounts are able to sell these fake accounts to individuals who are looking for accounts with real Twitter followers instead of fake ones. This can then be used for affiliate spam.
As more brands use Twitter for marketing purposes, Symantec advises users to look for and follow updates and contest rules from Twitter accounts that are “verified” and/or officially associated with the brand. In this case, Esurance has provided a set of official rules and frequently asked questions on their website.
If you suspect an account is attempting to mislead users on Twitter, you can report the account to Twitter.
To learn more about social media scams, follow Symantec Security Response team on @threatintel and read our blogs on previous Twitter scams:
Estamos iniciando el año en que se jugará el Mundial de futbol y es natural que en los siguientes meses veamos varias campañas relacionadas con este evento. Habrá mucho marketing y promociones asociadas con el entusiasmo y el interés que genera el evento. Entre todo el marketing y correos electrónicos promocionales legítimos, podríamos recibir correos con premios prometedores como entradas gratuitas o notificaciones de la lotería diciéndonos que hemos ganado un automóvil, por ejemplo.
Si piensa que suena demasiado bueno para ser verdad podría estar en lo cierto.
Los estafadores trataran de aprovecharse del entusiasmo vinculado con la Copa Mundial que se llevará a cabo en Brasil en junio y las consecuencias de que los usuarios sean víctimas de un fraude podrían ser graves. Los estafadores no solo pueden vaciar una cuenta bancaria sino que también podrían llenar de malware nuestra computadora. Esto puede implicar el robo de datos personales al descargar un Troyano o comprometer nuestro equipo y hacerlo parte de un Botnet.
En los últimos días, Symantec ha detectado varios correos fraudulentos relacionados con el Mundial de futbol, a continuación los detalles.
El primer ejemplo de fraude que Symantec identificó es un correo electrónico similar al que mostramos a continuación, el cual contiene un vínculo a un código malicioso:
Versión en portugués:
De: Parabens Voce foi o ganhador de um Par de ingressos atendimento.promo5885631@Domain.com
Asunto: Copa do Mundo FIFA 2014
Figura 1. Traducción del encabezado del correo electrónico con código malicioso (malware)
Figura 2. Ataque de código malicioso relacionado con el Mundial de la FIFA
Figura 3. Traducción del contenido del correo electrónico con malware
Se invita al usuario a hacer clic en la liga para imprimir el boleto al partido.
Pero, la liga lleva a un URL malicioso que descarga un archivo adjunto llamado eTicket.rar y que contiene el programa ejecutable: eTicket.exe, como se muestra en la imagen a continuación.
Figura 4. Imagen del archivo adjunto (malware) que se descarga al hacer clic en la liga
Al ejecutarlo, se instala el archivo thanks.exe en el directorio de Programas/Inicio y se activa un Troyano en constante evolución Infostealer.Bancos y ese archivo continuará funcionando en segundo plano sin que el usuario lo note. Luego, tratará de evadir las medidas de seguridad, robar información financiera confidencial, registrar los datos recolectados y finalmente los enviará al atacante remoto. También hemos descubierto que el malware está dirigido especialmente para las instituciones financieras brasileras.
Los clientes de Symantec están protegidos contra este ataque gracias a la tecnología de “Seguimiento de vínculo” (‘Link following’), que revisa todas las páginas de Internet referidas en un correo electrónico en busca de virus u otras amenazas, lo que permite identificar el malware en el URL incluido en el mensaje. A partir de esto, se creó la detección para que en el futuro los correos que contuvieran diferentes ligas a este malware, sean reconocidos como infectados y puestos en cuarentena.
Otro ejemplo de engaños en Internet relacionados con este tema es una supuesta promoción de la marca CIELO en Brasil. CIELO es un operador de tarjetas de crédito y débito en Brasil.
Figura 5. Phishing por correo electrónico relacionado con el Mundial 2014
El mensaje traducido es el siguiente:
Figura 6. Traducción del contenido del contenido del correo de phishing
Al dar clic en la liga dentro del correo con el siguiente URL:
<http://conteudo.casavilaverde.com/logs/copa2014/index.php?%email%>
Se redirige al usuario a:
http://cielobrasil2014l.fulba.com/copa,fuleco.dll/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html
Entonces la página de Internet solicita al usuario ingresar su nombre, fecha de nacimiento y el número de identificación fiscal de Brasil (Cpf).
Figura 7. El URL del phishing abre la página de Internet alterada y solicita datos personales.
Al proporcionar la información, el usuario es dirigido a la página que mostramos abajo que solicita los datos bancarios de los usuarios.
Figura 8. La página de Internet alterada solicita datos bancarios.
En un análisis más profundo encontramos que el dominio conteudo.casavilaverde.com está hackeado y se muestra como:
Figura 9. El dominio del URL en el correo está hackeado
Finalmente, el tercer ejemplo detectado por Symantec es una nueva versión de estafa nigeriana con los siguientes encabezados:
De: “FIFA 2014 World Cup Award”<globalpromotions@ @[domain].ru>
Asunto: Window Live Games 2014 FIFA World Cup
Figura 10. Adjunto del ejemplo de fraude nigeriano relacionado con el Mundial
El correo incluye un archivo adjunto que supuestamente es un premio patrocinado por grandes marcas y para obtenerlo se solicita al usuario información personal. El correo también contiene una nota que trata de parecer legítima pero inmediatamente se advierte que es algo amateur en comparación con los otros dos ejemplos mencionados. No hay imágenes ni URL en este correo y el hecho de que contenga un adjunto Word hace que resulte sospechoso.
Los sistemas de monitoreo avanzados de Symantec pudieron identificar los tres ejemplos de estafas electrónicas presentadas en este blog protegiendo así a nuestros clientes.
Mientras que los primeros dos correos están redactados en portugués dirigidos a personas en Brasil, los correos no deseados pueden personalizarse fácilmente por regiones, países e idiomas, teniendo en cuenta el interés que existe actualmente en el futbol.
Los eventos mundiales pueden ser muy lucrativos para los estafadores ya que tienen el potencial de estafar a más cantidad de personas debido al interés sobre dichos eventos. Como consecuencia, Symantec espera que la cantidad de correos fraudulentos se incremente a medida que se acerca la fecha del evento.
Como medida preventiva para los usuarios recomendamos no compartir información personal o confidencial. Debido al riesgo de pérdida financiera y de información confidencial en juego, Symantec aconseja a los usuarios estar alerta y seguir los siguientes consejos de seguridad:
Symantec constantemente monitorea los ataques de spam para asegurarse de informar a los usuarios con información sobre las más recientes amenazas.
¡Que no te tomen fuera de lugar cuando se trata de ofertas y promociones, especialmente aquellas que parecen muy buenas para ser verdad!
Com aproximidade da Copa do Mundo da FIFA 2014 é natural que muitas campanhas de marketing e promoções relacionadas a este evento global sejam veiculadas para aproveitar o entusiamo deste momento. Porém, entre todos os e-mails e mensagens legítimas, muitos golpes online também já comecaram a ocorrer, com promessas de entradas grátis para os jogos e até um carro ao vencedor de um sorteio.
Os fraudadores e golpistas digitais já iniciam seus ataques e exploram o tema ligado à Copa do Mundo da FIFA no Brasil. As ramificações para o usuário ser uma vítima pode ter consequências de longo alcance. Não só o internauta pode ter sua conta bancária esvaziada pelos fraudadores, mas também infectar seu computador com ameaças, como malware. O que poderia acontecer, por exemplo, após a instalação dessa ameaça é o golpista roubar dados e informações pessoais do proprietário da máquina por meio do download de um Trojan, ou comprometer o computador e torná-lo parte de um Botnet.
A Symantec identificou vários emails maliciosos sobre a Copa do Mundo da FIFA. Na primeira amostra o golpe contém um link para um malware.
Figura 1 – E-mail contendo malware relacionado à Copa do Mundo FIFA 2014
Após o clique, o usuário é direcionado a uma URL maliciosa, que faz o download do eTicket.rar (que abriga o eTicket.exe – Figura 2). Ao ser executado, o arquivo desencadeia o trojan Infostealer.Bancos, que instala o thanks.exe no diretório /Programas/Startup.
Este arquivo, que irá tentar escapar de medidas de segurança, rouba informações financeiras e confidenciais, registra os dados colhidos e os envia para um criminoso remoto. Também foi descoberto que o malware foi personalizado para atingir instituições financeiras brasileiras.
Figura 2 – Imagem da tela após clicar no hiperlink com malware
Outro exemplo de ataque é uma suposta fraude que utiliza a marca CIELO como chamariz para uma promoção falsa, que leva a uma página de phishing.
Figura 3 – Email de phishing relacionado à Copa do Mundo FIFA 2014
Ao clicar no botão da promoção, a página de phishing
http://conteudo.casavilaverde.com/logs/copa2014/index.php?%email% é redirecionada para <http://cielobrasil2014l.fulba.com/copa,fuleco.dll/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html> e solicita o nome, data de nascimento e CPF do usuário.
Figura 4 – A URL abre uma página da web falsa solicitando dados pessoais
Após fornecer essas informações, uma nova página (Figura 5) é aberta, que solicita os dados bancários do usuário.
Figura 5 – URL solicita os dados de serviços bancários
Em uma análise mais aprofundada, a Symantec descobriu que o domínio conteúdo.casavilaverde.com foi hackeado e abre como na Figura 6.
Figura 6 – Domínio da URL hackeado
Há, também, um golpe nigeriano, que traz um anexo que parece estar relacionado a um sorteio patrocinado por grandes marcas (Figura 7). Para parecer legítimo, esse e-mail contém um aviso, mas, por não conter imagens ou URLs e por ter apenas um documento do Word anexo, esse golpe parece ser mais simples do que os demais.
Figura 7 – Exemplo de golpe nigeriano relacionado à Copa do Mundo FIFA 2014
Eventos globais desse porte podem ser muito lucrativos para os golpistas devido ao aumento do número de interessados no assunto. Até a Copa do Mundo, diversas tentativas para atrair usuários e adquirir informações sensíveis e confidenciais irão ocorrer. Os e-mails de Spam, por exemplo, pode ser personalizados para diferentes países e regiões. Para evitar ser vítima desses golpes, a Symantec aponta as seguintes práticas de segurança online:
Contributor: Sean Butler
As it’s the start of a Football World Cup year it’s only natural that we will see many campaigns in relation to this global event. There will be many marketing and promotional campaigns taking advantage of the hype and excitement surrounding this event. Amongst all of the legitimate marketing and promotion emails, you may also receive emails promising anything from free match tickets, to competitions and lottery prizes stating that you have won a car.
Sound too good to be true? Well, you would be right in thinking that!
Fraudsters will be looking to exploit the enthusiasm that comes with the FIFA World Cup, which will be taking place in Brazil this June. The ramifications of you being scammed could be very serious indeed. Not only could you become a victim of fraud by having your bank account emptied by these fraudsters, you could also end up with malware on your computer. This malware could do anything from stealing your personal details by downloading a Trojan, to compromising your computer and making it part of a botnet.
Symantec has already spotted several FIFA World Cup related scam emails. The first scam sample Symantec discovered, relating to the FIFA World Cup, is an email that contains a link to malware.
The email has the following headers:
From: Parabens Voce foi o ganhador de um Par de ingressos atendimento.promo5885631@Domain.com
Subject: Copa do Mundo FIFA 2014
This email header can be translated as:
From: Congratulation you were the winner of a pair of tickets atendimento.promo5885631@Domain.com
From: FIFA World Cup 2014
Figure 1. Malware attack email related to FIFA World Cup
This email can be translated as:
You are the winner of a pair of tickets to the FIFA World cup 2014 Brazil!
Print your e-Ticket copy and collect the ticket from the ticket center in your city
Print Ticket
Check out the address of the ticket center in your city here
The recipient is enticed to click the on the link and print the match tickets. However, the link leads to a malicious URL that downloads the file eTicket.rar, which contains an executable file named eTicket.exe.
Figure 2. Clicking on the link leads to malicious download
Next, a file named thanks.exe (Infostealer.Bancos) is dropped in the following location so that it runs every time Windows starts:
Programs/Startup/thanks.exe
The Trojan will continue to run in the background and try to evade security measures, steal confidential financial information, log the stolen data, and send it to a remote attacker at a later time. We have also discovered that the malware is customized to target Brazilian financial institutions.
Symantec customers would have been protected against this attack because our ‘Link following’ technology, which checks all Web pages referenced within an email for viruses and other threats, correctly identified the malware at the end of the URL. Detection was then created so that future emails containing different links to this malware will be treated as though they are infected and then quarantined.
Another scam involves a fraudulent CIELO Brazil promotion. CIELO is a Brazilian credit and debit card operator.
Figure 3. Phishing email related to FIFA World Cup 2014
This email can be translated as:
Congratulations, you have been chosen to take part in the Cielo Cup 2014.
To promote World Cup 2014, you must register to compete for prizes worth 20 thousand Reais,
Tickets, accommodation in exclusive places during the 2014 world cup and you could also win a Fiat Doblo 0 Km. (Sic)
Don’t waste time! PURCHASE Register right now at no extra cost and avail the benefits of our promotion.
Join this Mega Promotion and compete for these Super Prizes.
Click here to unlock your promo code
If the recipient clicks the “Click Here” button, they are redirected to the following URL:
http://cielobrasil2014l.fulba.com/[REMOVED]/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html
The webpage asks for a username, date of birth, and a Brazilian tax registration number (CPF).
Figure 4. Spoofed Web page asking for personal credentials
On providing the required information, the user is sent to the page shown in Figure 5, which asks for the user’s banking credentials.
Figure 5. Spoofed Web page asking for banking credentials
On further analysis, we found that the domain conteudo.casavilaverde.com used in the phishing scam had been hacked.
Figure 6. Hacked domain used in phishing scam
Finally, the third example is a Nigerian scam.
Figure 7. Nigerian FIFA World Cup scam email
The email contains an attachment that claims to be about a lotto sponsored by major brands. The scam ultimately asks the recipient for personal information. The email also contains a notice to try and look legitimate, but this looks amateurish in comparison to the other examples referenced in this blog. There are no images or URLs contained within the email and the fact that it only contains an attached Word document would make anyone suspicious.
Symantec’s advanced monitoring systems were able to identify the above scam emails and protect our customers from receiving them.
While the first two example emails are composed in Portuguese and aimed at people in Brazil, they can easily be customized for different regions, countries, and languages. Considering the influence football has across the globe, such spam mail could potentially trick many people.
Global events can be very lucrative for scammers as they have the potential to scam more victims by appealing to peoples’ interest and curiosity. As a consequence, Symantec expects such scams to increase as we get closer to the 2014 World Cup.
Symantec advises users to be on their guard and to adhere to the following security best practices:
Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.
Don’t be caught offside when it comes to special offers, especially ones that look too good to be true!
AVAST Privacy IQ Quiz has finished. Before we will officially announce the winners, please check how you should answer and learn why! Do privacy policies guarantee that your information will be kept private? Correct answer: No A typical privacy policy includes information about the types of data the company collects and how it analyzes, discloses […]
Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60% of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data.
There are numerous internet forums openly selling credit and debit card data in various formats. The most common is “CVV2” where the seller provides the credit card number, along with the additional CVV2 security code which is typically on the back of the card. This data is enough to facilitate online purchases. However some sellers also offer the more lucrative “Track 2” data. This is shorthand for the data saved on a card’s magnetic strip. This data is more lucrative as it allows criminals to clone cards, meaning they can be used in brick-and-mortar stores or even ATMs if the PIN is available. The value of the data is reflected in the online sale price and these prices vary widely. CVV2 data is sold for as little as $0.1 to $5 per card while Track 2 data may cost up to $100 per card.
Figure. Credit card data for sale on Internet forums
So how do criminals get this data? Skimming is one of the more popular methods. This involves installing additional hardware onto the POS terminal which is then used to read track 2 data from cards. However as it requires physical access to the POS, and expensive additional equipment, it’s difficult for criminals to carry this out on a large scale. To address this problem criminals have turned to software solutions in the form of POS malware. By targeting major retailers with this malware criminals can accrue data for millions of cards in a single campaign.
POS malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, i.e. the moment when you swipe the card at the POS to pay for your goods. Criminals first exploited this security gap in 2005 when a campaign orchestrated by Albert Gonzalez lead to the theft of data for 170 million cards.
Since then a market has grown in the supply and sale of malware, which reads Track 2 data from the memory of the POS terminal. Most POS systems are Windows-based, making it relatively easy to create malware to run on them. This malware is known as memory-scraping malware as it looks in memory for data, which matches the pattern of the Track 2 data. Once it finds this data in memory, which occurs as soon as a card is swiped, it saves it in a file on the POS, which the attacker can later retrieve. The most well-known piece of POS malware is BlackPOS which is sold on cybercrime forums. Symantec detects this malware as Infostealer.Reedum.B.
Armed with POS malware, the next challenge for attackers is to get the malware onto the POS terminals. POS terminals are not typically connected to the Internet but will have some connectivity to the corporate network. Attackers will therefore attempt to infiltrate the corporate network first. They may do this by exploiting weaknesses in external facing systems, such as using an SQL injection on a Web server, or finding a periphery device that still uses the default manufacturer password. Once in the network, they will use various hacking tools to gain access to the network segment hosting the POS systems. After the POS malware is installed, attackers will take steps to make sure their activity goes unnoticed. These steps could include scrubbing log files or tampering with security software, which all ensures that the attack can persist and gather as much data as possible. For an in-depth look at how these attacks work see our whitepaper: Attacks on Point of Sales Systems
Unfortunately, card data theft of this nature is likely to continue in the near term. Stolen card data has a limited shelf-life. Credit card companies are quick to spot anomalous spending patterns, as are observant card owners. This means that criminals need a steady supply of “fresh” card numbers.
The good news is that retailers will learn lessons from these recent attacks and take steps to prevent the re-occurrence of this type of attack. Payment technology will also change. Many US retailers are now expediting the transition to EMV, or “chip and pin” payment technologies. Chip and Pin cards are much more difficult to clone, making them less attractive to attackers. And of course new payment models may take over. Smart-phones may become the new credit cards as mobile, or NFC, payment technology becomes more widely adopted.
There’s no doubt that cybercriminals will respond to these changes. But as retailers adopt newer technologies and security companies continue to monitor the attackers, large-scale POS thefts will become more difficult and certainly less profitable.
For more details on how POS attacks are carried out and how to protect against them, see our whitepaper: Attacks on Point of Sales Systems
先週、デンバーブロンコスとシアトルシーホークスのファンが第 48 回スーパーボウルの予想に関するツイートをしていたところ、Twitter ボットから何度もスパムが送られてくるという被害が相次ぎました。また、ポップスターのマイリー・サイラスのファンも、対象となるキーワードを使った同じスパム活動に狙われました。
シマンテックでは去年の夏、BET アワードや、ジャスティン・ビーバー、ワンダイレクション、リアーナのファンを標的とした同様の活動に関するブログを公開しました。最新の活動でも基本的な手口は同じですが、いくつかの改良が加えられています。
この詐欺ではまず Twitter サービス上にスパムボットを仕込んで、ユーザーがつぶやく特定のキーワードを監視します。キーワードになり得るのは、「スーパーボウル」、「ブロンコス」、「シーホークス」や、個々の選手名(デンバーブロンコスのクォーターバック「ペイトン・マニング」、シアトルシーホークスのコーナーバック「リチャード・シャーマン」など)です。マイリー・サイラスの場合は、彼女のフルネームやファーストネームを挙げただけで、スパムボットから返答を受け取る可能性があります。
この返答は、写真が添付されたツイートで、個人に宛てたメッセージに見せるために対象ユーザーの Twitter ユーザー名が表示されています。
図 1. NFL やマイリー・サイラスに関する賞品当選を謳った、Twitter スパムボットによる写真付きのリプライ
このようなスパムボットは、リンクをツイートすることも、Twitter プロフィールの自己紹介セクションにリンクを含めることもありません。その代わりに、ユーザーにツイートされた画像内にある URL を手動で入力するよう促します。これは、スパム対策フィルタが詐欺師のアカウントを検知しないようにする巧妙な方法です。
図 2. ユーザーに Twitter ユーザー名を確認するよう促す詐欺サイト
上図のどちらのサイトも同じテンプレートに従っています。これらのサイトはまず、賞品当選の資格を確認するためにユーザー名のチェックが必要だとして、ユーザーの Twitter ユーザー名を要求します。その後、ユーザーのフルネーム、住所、電子メールアドレス、電話番号などの個人情報を要求します。
図 3. アンケートに参加してモバイルアプリをダウンロードするようユーザーに促す
ユーザーが先に進もうとすると、架空のスポンサーから、賞品を手に入れるには「特別キャンペーン」を完了しなければならないというメッセージが表示されます。これはアンケートへの誘導であることが一般的ですが、この詐欺はモバイルベースなので、モバイルアプリをインストールするようユーザーに促します。そしてインストールが行われるたびに、アフィリエイトプログラムを通して詐欺師に報酬が入る仕組みになっています。詐欺師たちがこぞってユーザーにスパムを送り付けるのはこのためです。
ここ数年、ソーシャルネットワークサービスの人気上昇に伴い、大勢のユーザーが大きなイベントや有名人について語るようになりました。このような機会はマーケティングにも利用されますが、スパマーや詐欺師の標的にもなりやすいものです。次はどのイベントや有名人が標的になるか、非常に気になるところです。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
“It has become second nature to connect various apps like Instagram, SocialCam, Angry Birds, CityVille, and Spotify to your Facebook ID. You just click ‘agree’ without even really knowing what you are agreeing to. What you don’t realize is that social apps linked to your Facebook profile can pretty much track your and your friends’ […]
It’s cold in New Jersey but football fever is HOT with only two days before the Big Game and showdown between the two championship teams. Who will win? AVAST has joined in the football hysteria by leveraging its vast number of users across the U.S. to help us determine a winner. Denver or Seattle? We […]