
Phishers, virus writers exploit tsunami disaster
2005-01-18 11:38

http://star-techcentral.com/tech/story.asp?file=/2005/1/18/technology/9933974&sec=technology

January 18, 2005

PETALING JAYA: Computer security firms have issued warnings about phoney e-mail and fraudulent websites that seek to exploit the Asian Tsunami disaster to steal confidential data or spread malicious viruses.

Sophos Plc has discovered a mass-mailing worm that poses as a plea for donations. The VBSun-A worm (W32/VBSun-A) spreads via e-mail, tempting innocent users into clicking its malicious attachment by pretending to be information about how to donate to a tsunami relief effort.

However, running the attached file will not only forward the virus to other Internet users but can also initiate a denial-of-service (DoS) attack against a German hacking website, the British antivirus company said in a statement. A DoS attack seeks to crash a webserver by overloading it with a flood of requests for data.

E-mail sent by the VBSun-A worm arrives with the subject line "Tsunami Donation! Please help!" and the message text "Please help us with your donation and view the attachment below! We need you!" The worm has an attachment named "tsunami.exe." Sophos recommends that recipients delete the e-mail and not open the attachment.

"Duping innocent users into believing that they may be helping the tsunami disaster aid efforts shows virus writers stooping to a new low," said Graham Cluley, senior technology consultant at Sophos. "This gruesome insensitivity is a despicable ploy to get curious computer users to run malicious code on their computers.

"Everyone should be wary of unsolicited e-mail attachments, and visit the established charity websites (www.google.com/tsunami_relief.html) instead if they wish to assist those suffering as a result of the disaster," he added.

Further details about VBSun-A can be found at www.sophos.com/virusinfo/analyses/w32vbsuna.html.

VBSun-A is not the first virus to try and take advantage of the tsunami disaster, Sophos said.
The VBS/Geven-B worm tried to spread a sick message earlier this month that the tsunami was God's revenge on "people who did bad on Earth."

Not only have criminals in Taiwan sent SMS (short message service) messages posing as the Red Cross, but a variety of fraudulent e-mail and phishing websites impersonating donation collection sites have also cropped up, warned Tokyo-based antivirus company Trend Micro Inc. Such cases have already cropped up in Australia, Canada, China, England, Singapore and the United States, Trend Micro said in a statement. These cases include e-mail messages that give account information for wiring donations or links to what appear to be relief websites.

Trend Micro said donors should be careful when using search engines to find relief organisations. One such donor used a search engine to find the China Charity Federation's website; the organisation's actual website is www.chinacharity.cn, but instead he found www.chinacharity.cn.net (an additional .net was present).

Donors should make certain they are donating money to an actual charitable organisation, and not a phisher posing as one. They should also NOT forward e-mail asking for donations without first confirming their authenticity, in order to prevent more victims from falling prey. In addition, users should not click on any links in the body of an e-mail, even if it is a known address -- these addresses should be typed manually into the address bar.
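
The look-alike address described above (the genuine www.chinacharity.cn with an extra .net appended) can be caught by comparing DNS labels rather than matching substrings. The following is an added example, not code from the article or from Trend Micro; the allowlist, the function names and the treatment of subdomains as trusted are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist holding the one genuine charity host named in the article.
TRUSTED_HOSTS = {"www.chinacharity.cn"}


def host_labels(url_or_host):
    """Return the host's DNS labels, lower-cased, without a leading 'www'."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host name as a netloc
    host = (urlsplit(text).hostname or "").rstrip(".")
    labels = [label for label in host.split(".") if label]
    return labels[1:] if labels[:1] == ["www"] else labels


def classify(url_or_host, trusted=TRUSTED_HOSTS):
    """Return 'trusted', 'lookalike' or 'unknown' for a URL or host name."""
    labels = host_labels(url_or_host)
    if not labels:
        return "unknown"
    trusted_labels = [host_labels(t) for t in trusted]
    # Pass 1: the host is a trusted name or a subdomain of one, meaning the
    # trusted labels sit at the right-hand end, where DNS delegation starts.
    for t in trusted_labels:
        if labels[-len(t):] == t:
            return "trusted"
    # Pass 2: the trusted labels appear elsewhere in the name, so some other
    # domain (here cn.net) controls the host: the article's look-alike case.
    for t in trusted_labels:
        n = len(t)
        if any(labels[i:i + n] == t for i in range(len(labels) - n + 1)):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # The first two hosts come from the article; the last one is constructed.
    for sample in ("www.chinacharity.cn",
                   "http://www.chinacharity.cn.net/",
                   "relief.example.org"):
        print(f"{sample:35} {classify(sample)}")
```

A result of "unknown" only means the host is not on the allowlist; it says nothing about whether the site is genuine.
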

If an e-mail soliciting donations is suspicious, users can forward it to Trend Micro as an attachment (do not forward directly as the body of the e-mail) to let experts determine its authenticity free of charge:

Suspicious e-mail containing links: antifraud () support trendmicro com
Suspicious e-mail not containing links: hoaxes () support trendmicro com

Nigerian scam

Trend Micro also warned that the infamous Nigerian Letter scam operators have "revamped" their fraudulent practice -- which usually takes the form of seeking help from outsiders to transfer hundreds of millions of dollars in a frozen account -- to now enable a businessman to donate billions of dollars to relief efforts.

The e-mail claiming to be from a rich businessman who is dying from oesophageal cancer appears with the subject "HOW YOU CAN BE OF HELP TO TSUNAMI VICTIMS." The body of the text includes a lengthy letter, explaining how the author contracted cancer and will not live long, and is willing to donate his US$1.2bil (RM4.6bil) located in a European bank to the victims of the tsunami.

The letter says, "I will want you to assist me transfer this deposit into your bank account and dispatched (sic) it to TSUNAMI VICTIMS. Please kindly contact me through my private e-mail address below."

Trend Micro reminded users not to make contact as requested if they receive this e-mail -- not only will they not receive their "service fee," but they might also see their own savings washed away.

Sri Lankan 'phisherman'

The company said it also recently received fraudulent e-mail in Australia claiming to be from a victim of the disaster. The apparent author of the letter, Ram-Kisha Narayan, claims to be a fisherman from Sri Lanka whose wife and three children died in the tsunami, while his house and fishing boat were swept away, along with half of the houses in his village.
The letter states that he is seeking financial assistance for all the fishermen in his village so that their fishing boats can be repaired or replaced, and their livelihoods restored.

The village described in the letter is Klalutara, a resort town south of the capital Colombo. An Associated Press report showed comparison photos of this area before and after the tsunami, leaving a deep impression on many people around the world.

The suspicious part of this e-mail is that the bank account information included is at Postbank in the Netherlands, Trend Micro noted.

Another e-mail from Phuket vividly describes the tsunami washing away the alleged author's family, "... my beautiful daughter was calling me daddy to come and save her, but there was nothing I could do, because the flood was very heavy and dangerous." The moving letter asks for financial assistance to be wired to London through Western Union, as locals there are helping him rebuild his life.

