Online Scams Exploit Katrina Disaster

[nelimitat 0]

In the wake of hurricane Katrina, several online scams have begun to circulate the Internet, according to several security firms. Sophos warned users on Thursday not to open a malware-Infected e-mail posing as news on the disaster.

Possible subject lines of the e-mail could be

"Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and
"Re: q1 Katrina killed as many as 80 people".

The group said there could be additional variants.


BetaNews on Thursday morning had received a variant of the above e-mails, however it appeared that the variance is the letter and number combination following the "Re:" prefix.

In the body of the message, clicking on the "Read More.." link will take the user to a malicious Web site that poses as a news story. In reality, the site uses code to exploit vulnerabilities within Internet Explorer to install malware including the Troj/Cgab-A Trojan horse.

From there, the attacker could remotely access the user's computer.

"Receiving or reading the emails themselves does not mean you are infected," Graham Cluley, senior technology consultant for Sophos said.

The SANS Institute is reporting that there are several e-mails soliciting donations through a Paypal link. According to SANS, it may be difficult to tell whether the e-mail is from a legitimate organization.

"The hurricane is a dreadful natural disaster, and it's sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft," added Cluley.

After discovery of the sites yesterday, several have been removed. "There are now about 230 .com domains that contain the strings 'katrina' and 'hurricane'.

We will make a list of more domains like this public soon to ask for your help to review them,"

SANS said on its Web site.

Notice from wassie:

Quoted some things in your post

Edited September 2, 2005 by wassie (see edit history)

[bureX 0]

What some people won't do just to gain access to someone else's computer! Really sick! Do any of these "virus writers" even have a life?

[thablkpanda 0]

Dude, next time, quote stuff you take from other people's pages and such. cool?I agree though, this is sickening to think that people would take such a horrid downfall of our economy and attempt to reap havoc computer-wise.Panda

[BuffaloHelp 24]

It seems to me that they pre-wrote those scripts or exploits before hand. And it seems like a good idea for them to release their creation once the weather tragidy occurred. I'm telling you--there are people who don't even have a soul, a simple common decency anymore these days.

I haven't received any email relating this post but I'll be on the look out. Good post.

By the way, nelimitat, if you are going to use quotes from someone else and use the whole phrase or a sentence, you MUST use

[QUOTE] .... [/QUOTE]

tags. It is the board's rule. Thanks.

[sirfrancisdrake 0]

Boy, people are just sick!! Boy some people just don't have lives or morals. I'll pass this post on and be on the lookout. Thanks for this post Nelimitat. Does anyone know where to report e-mails we get like this or anything? I know there are some organizations that track where a mal-ware attack comes from then arrest the hackers. Anybody know where to report stuff like this? I think my Dad might know, i'll ask him and tell you guys if I know anything.

[farrah 0]

That is soo inhuman of them i mean they even write how many people have been killed for the subject of the virus email so sad and i know some people somewhere have fallen victim of this sick trick. Does anyone know if the virus writers were caught? i hope they did.

[dodgerblue 0]

They deserve to have their limbs amputated and made to sit in front of a computer screen playing "They're Taking the Hobbits to Isengard" on "repeat" eternally.

[byte 0]

Wow those people are really sick/sad.does it work with mozzila firefox?

[wariorpk 0]

Why do people take advantage of disasters. People's lives are on the line here and instead of the money going to helping people it goes to some guy who is sitting at his computer watching the money flow in from people who want to help people that need the money.

[Saint_Michael 3]

well it didn't take long for this to pop up, i think scammers started programming right after it hit and if it was a bad one (and it was) they would be ready for it, but you would think people would have common sense to donate money online, i think the email alone would give it away that the person is not legit, but hey its their money not mine.

[Hiaito 0]

E-mail isn't even safe anymore.

 

Although I have a question, "Has anyone heard of an E-mail Tracker"?