Phony Web sites and e-mails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said Thursday.
One spam campaign that's circulating offers breaking news reports but tricks people into clicking a link that takes them to a bogus Web site, according to security firm Sophos. The site attempts to exploit vulnerabilities in Internet Explorer and install malicious code, including the Troj/Cgab-A Trojan horse, on a victim's system Sophos said.
Some of these e-mails carry subject headers such as "re: g8 Tropical storm flooded New Orleans" and "re: q1 Katrina killed as many as 80 people."
"If users click on the link contained inside the e-mail, they will be taken to a malicious Web site which will try and infect their computer," Graham Cluely, senior technology consultant for Sophos, said in a statement. "Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption."
Other bogus e-mails are circulating that ask people to aid hurricane victims and their families by clicking on a PayPal button to make a donation, said Johannes Ullrich, chief research officer for the Sans Institute.
"They're using PayPal because it allows them to be more anonymous. But if you reply and ask them for their address to mail the check, they don't respond," Ullrich said, noting that in many cases it is difficult to ascertain whether the e-mail is legitimate.
He advised people to ask the organization for its nonprofit tax ID before making a donation. That ID number can be checked against the database housed by the Internal Revenue Service. Consumers should also review the list of reputable nonprofit agencies posted on the Federal Emergency Management Agency Web site, he said.
Scams perpetuated on the Internet following a disaster are nothing new. However, Katrina-related scams seem to be appearing faster than those linked to relief efforts after the Asian tsunami late last year, Ullrich said.
"The (fraudulent) activity level is about the same, but maybe faster," he said. "It could be because it's a hurricane and you can plan for it. Some of the domain names with a hurricane suffix are already taken up, because (the United Nations World Meteorological Organization) comes out with a list of names that goes out six years in advance."
Currently, there are 106 Web sites that are registered with the name Katrina and hurricane, weather, disaster, relief or fund included in the domain, according to security monitoring company Websense. Of those, roughly a third lack original content and have notices indicating they are under construction, coming soon, or the domains are up for sale, Websense said.
| 09/01/05
