Posted by Virus Bulletin on Feb 1, 2005
An inevitable string of tsunami related hoaxes, fraud attempts and new malware variants
As most of the world was still reeling from the news and pictures of devastation in Asia following the 26 December tsunami, the FBI was forced to issue an alert last month, warning those wishing to donate to tsunami relief funds that they may be targeted by Trojan exploits and 419 scams.
The FBI reported that bogus websites had been set up masquerading as legitimate relief organizations requesting donations – at least one of which, it stated, contained an embedded Trojan exploit. In other scams, those who had made appeals for information about friends and relatives still missing following the tsunami were targeted by unsolicited emails that offered to locate loved ones – for a fee. And, in the UK, a 40-year-old man was jailed for six months after being found guilty of sending hoax emails to relatives and friends of the missing, stating that the UK government ‘regretted to inform the victim that the missing person they were inquiring about was confirmed dead’. The man claimed he had suffered a ‘moment of madness’ when he concocted the messages.
Of course, ‘419ers’ never miss a trick, and the Internet has swarmed with an influx of messages requesting that money be deposited in overseas banks to support the tsunami relief effort or asking for personal or financial information in an effort to retrieve inheritance funds tied up in relation to the tsunami disaster. Indeed, many a security-savvy sysadmin may have felt ostracised by colleagues horrified that they had taken the decision to block these and other apparent ‘desperate pleas for help’.
In the US the FBI arrested a man last month for sending around 800,000 hoax tsunami fund-raising messages. The FBI tracked down Matthew Schmieder, from Pittsburgh, with the help of UK anti-spam operation Spamhaus. Unlike most regular spammers, Schmieder had made little attempt to cover his tracks. Spamhaus’s Steve Linford said: ‘He had very little in place by way of defences and … we were able to very quickly track him down … He lived right around the corner from the FBI offices.’
In the UK, an attempt to hack into the website of the Disasters and Emergency Committee (DEC), which was set up after the tsunami, is currently under investigation. A 28-year-old man has been arrested and is being questioned.
The (hopefully) final and depressingly inevitable piece
to the tsunami jigsaw in terms of IT security knock-on effects has been the discovery of mass-mailing worm W32/Zar@mm, which poses as a plea for donations to help with the tsunami disaster and the VBS/Geven worm, which claimed that the tsunami was God’s revenge on ‘people who did bad on earth’.
More encouragingly, however, VB is pleased also to be able to report the better side of human nature: a number of authors of recent VB articles have requested that their honorarium payments be donated to tsunami relief funds.
Posted on 1 February 2005 by Virus Bulletin
