September 1, 2005 12:04 PM PDT

Online scams emerge in Katrina's wake

Hurricane Katrina has spawned more than misery and destruction--a new wave of scam e-mails and Web sites is exploiting the tragedy.

Phony Web sites and e-mails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said Thursday.

One spam campaign that's circulating offers breaking news reports but tricks people into clicking a link that takes them to a bogus Web site, according to security firm Sophos. The site attempts to exploit vulnerabilities in Internet Explorer and install malicious code, including the Troj/Cgab-A Trojan horse, on a victim's system, Sophos said.

Some of these e-mails carry subject headers such as "re: g8 Tropical storm flooded New Orleans" and "re: q1 Katrina killed as many as 80 people."

"If users click on the link contained inside the e-mail, they will be taken to a malicious Web site which will try and infect their computer," Graham Cluley, senior technology consultant for Sophos, said in a statement. "Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption."

Other bogus e-mails are circulating that ask people to aid hurricane victims and their families by clicking on a PayPal button to make a donation, said Johannes Ullrich, chief research officer for the Sans Institute.

"They're using PayPal because it allows them to be more anonymous. But if you reply and ask them for their address to mail the check, they don't respond," Ullrich said, noting that in many cases it is difficult to ascertain whether the e-mail is legitimate.

He advised people to ask the organization for its nonprofit tax ID before making a donation. That ID number can be checked against the database housed by the Internal Revenue Service. Consumers should also review the list of reputable nonprofit agencies posted on the Federal Emergency Management Agency Web site, he said.

Scams perpetrated on the Internet following a disaster are nothing new. However, Katrina-related scams seem to be appearing faster than those linked to relief efforts after the Asian tsunami late last year, Ullrich said.

"The (fraudulent) activity level is about the same, but maybe faster," he said. "It could be because it's a hurricane and you can plan for it. Some of the domain names with a hurricane suffix are already taken up, because (the United Nations World Meteorological Organization) comes out with a list of names that goes out six years in advance."

Currently, there are 106 Web sites that are registered with the name Katrina and hurricane, weather, disaster, relief or fund included in the domain, according to security monitoring company Websense. Of those, roughly a third lack original content and have notices indicating they are under construction, coming soon, or the domains are up for sale, Websense said.

6 comments

Katrina and the Waves (of deceit)
Unfortunately, one person's demise is another person's fortune. It's sick but it's a fact of life. I'm a customer of Anonymizer.com and I can't tell you how many times this program has saved me. Just to feel secure surfing again is quite cool. I highly recommend this software to everybody. Nobody is going to record my IP, name, passcodes again.
Posted by paul_lozon (3 comments )
Let's track these web sites.
Why can't we just track these websites down? These web sites have to lead somewhere and they have to be associated with a name of some kind. From an IT standpoint, the website has an IP address. That IP address has to belong to someone on the net. It doesn't matter where it goes or what it does. Information has to go somewhere. The question is where it is ending up. There should even be overrides for .PHP pages to track where the information is going to as well.

Once I tracked an IP address to a server called Roadrunner.com. Once I got to the site, I tried to find an attacker. I forgot the name of the attacker but the address stopped at Roadrunner.com with a specific IP address. I was hoping from Roadrunner's standpoint they can track all the data running through their system and see if they can find a particular hacker coming from 2 specific IP ports and continue tracking back to the source of the hacker. However, I sent all my McAfee logs to the company for several days but they could not even track it.

In conclusion, when someone logs on to the net a dynamic IP address is created. Then it travels out to the router through a modem of some kind and to their ISP before heading out to the rest of the world. At the ISP, I am hoping they can see internet traffic, information, and more. However, mostly looking for viruses and hacking attempts.
I guess this would be something hard to do but it would be nice for some of us to really start working on.
Posted by The Vanish (10 comments )
 
