Online fraud rampant in wake of disaster

Sick hack attacks are posing as spammed news about the Hurricane Katrina disaster, according to a Sophos report.

Experts at SophosLabs, Sophos’ global network of virus, spyware and spam analysis centres, have warned of a widespread spam campaign that poses as a breaking news report about the Hurricane Katrina disaster affecting the southern states of the US. The campaign tries to trick innocent computer users into visiting a bogus web site, which tries to infect their PCs with malware.

The experts believe that the people behind the e-mail attack are deliberately adding random characters into the subject lines in an attempt to avoid detection by rudimentary anti-spam filters.

The body of the e-mails can vary, but all relate to the disaster hitting New Orleans and elsewhere across the southern American states. A typical example would start with “Mississippi Governor Haley Barbour said Tuesday that Hurricane Katrina killed as many as 80 people in his state and burst levees in Louisiana flooded New Orleans.”

Windows users who follow the web link visit a web site, which pretends to be a fuller version of the news story, but exploits vulnerabilities in Microsoft’s Internet Explorer software to install a variety of malicious code including Troj/Cgab-A, Troj/Borobot-P, Troj/Borobot-Q, Troj/Borodldr-H, and Troj/Inor-R. The malicious attack is designed to allow remote hackers to gain unauthorised access to the victim’s computer.

Other phoney e-mails and web domains asking people to aid hurricane victims are also in circulation, the SANS Institute warned on its web site. These bogus web sites include katrinahelp.com, katrinarelief.com and katrinacleanup.com.

“Receiving or reading the e-mails themselves does not mean you are infected,” said Graham Cluley, senior technology consultant for Sophos. “However, if users click on the link contained inside the e-mail they will be taken to a malicious web site which will try and infect their computer. Once infected the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption.”

“The hurricane is a dreadful natural disaster, and it’s sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft,” continued Cluley. “Everyone should ensure they have defences in place to properly protect against the very latest malware attacks.”

Scams perpetrated on the internet following a disaster are nothing new. Similar e-mails appeared last month in the wake of the London bombing and after the Asian tsunami last year.

Security monitoring company Websense has discovered 106 web sites whose registered domain names include Katrina together with hurricane, weather, disaster, relief or fund. Of those, about a third lack original content and carry notices indicating that they are under construction or coming soon, or that the domains are up for sale, the company said.