Tsunami unlocks floodgates for opportunists

Posted by Virus Bulletin on Feb 1, 2005

An inevitable string of tsunami-related hoaxes, fraud attempts and new malware variants

As most of the world was still reeling from the news and pictures of devastation in Asia following the 26 December tsunami, the FBI was forced to issue an alert last month, warning those wishing to donate to tsunami relief funds that they may be targeted by Trojan exploits and 419 scams.

The FBI reported that bogus websites had been set up masquerading as legitimate relief organizations requesting donations – at least one of which, it stated, contained an embedded Trojan exploit. In other scams, those who had made appeals for information about friends and relatives still missing following the tsunami were targeted by unsolicited emails that offered to locate loved ones – for a fee. And, in the UK, a 40-year-old man was jailed for six months after being found guilty of sending hoax emails to relatives and friends of the missing, stating that the UK government ‘regretted to inform the victim that the missing person they were inquiring about was confirmed dead’. The man claimed he had suffered a ‘moment of madness’ when he concocted the messages.

Of course, ‘419ers’ never miss a trick, and the Internet has swarmed with an influx of messages requesting that money be deposited in overseas banks to support the tsunami relief effort or asking for personal or financial information in an effort to retrieve inheritance funds tied up in relation to the tsunami disaster. Indeed, many a security-savvy sysadmin may have felt ostracised by colleagues horrified that they had taken the decision to block these and other apparent ‘desperate pleas for help’.

In the US the FBI arrested a man last month for sending around 800,000 hoax tsunami fund-raising messages. The FBI tracked down Matthew Schmieder, from Pittsburgh, with the help of UK anti-spam operation Spamhaus. Unlike most regular spammers, Schmieder had made little attempt to cover his tracks. Spamhaus’s Steve Linford said: ‘He had very little in place by way of defences and … we were able to very quickly track him down … He lived right around the corner from the FBI offices.’

In the UK, an attempt to hack into the website of the Disasters and Emergency Committee (DEC), which was set up after the tsunami, is currently under investigation. A 28-year-old man has been arrested and is being questioned.

The (hopefully) final and depressingly inevitable piece to the tsunami jigsaw in terms of IT security knock-on effects has been the discovery of the mass-mailing worm W32/Zar@mm, which poses as a plea for donations to help with the tsunami disaster, and the VBS/Geven worm, which claimed that the tsunami was God’s revenge on ‘people who did bad on earth’.

More encouragingly, however, VB is pleased also to be able to report the better side of human nature: a number of authors of recent VB articles have requested that their honorarium payments be donated to tsunami relief funds.
