AT&T Tech Support 360
- Related Stories
-
The aftermath of Katrina's fury
September 1, 2005 -
Tech community joins Katrina relief effort
September 1, 2005 -
Hurricane cleanup could take months, years
August 31, 2005
Phony Web sites and e-mails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said Thursday.
One spam campaign that's circulating offers breaking news reports but tricks people into clicking a link that takes them to a bogus Web site, according to security firm Sophos. The site attempts to exploit vulnerabilities in Internet Explorer and install malicious code, including the Troj/Cgab-A Trojan horse, on a victim's system Sophos said.
Some of these e-mails carry subject headers such as "re: g8 Tropical storm flooded New Orleans" and "re: q1 Katrina killed as many as 80 people."
"If users click on the link contained inside the e-mail, they will be taken to a malicious Web site which will try and infect their computer," Graham Cluely, senior technology consultant for Sophos, said in a statement. "Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption."
Other bogus e-mails are circulating that ask people to aid hurricane victims and their families by clicking on a PayPal button to make a donation, said Johannes Ullrich, chief research officer for the Sans Institute.
"They're using PayPal because it allows them to be more anonymous. But if you reply and ask them for their address to mail the check, they don't respond," Ullrich said, noting that in many cases it is difficult to ascertain whether the e-mail is legitimate.
He advised people to ask the organization for its nonprofit tax ID before making a donation. That ID number can be checked against the database housed by the Internal Revenue Service. Consumers should also review the list of reputable nonprofit agencies posted on the Federal Emergency Management Agency Web site, he said.
Scams perpetuated on the Internet following a disaster are nothing new. However, Katrina-related scams seem to be appearing faster than those linked to relief efforts after the Asian tsunami late last year, Ullrich said.
"The (fraudulent) activity level is about the same, but maybe faster," he said. "It could be because it's a hurricane and you can plan for it. Some of the domain names with a hurricane suffix are already taken up, because (the United Nations World Meteorological Organization) comes out with a list of names that goes out six years in advance."
Currently, there are 106 Web sites that are registered with the name Katrina and hurricane, weather, disaster, relief or fund included in the domain, according to security monitoring company Websense. Of those, roughly a third lack original content and have notices indicating they are under construction, coming soon, or the domains are up for sale, Websense said.
See more CNET content tagged:
hurricane,
Sophos Plc.,
online scam,
Websense Inc.,
PayPal
Once I tracked an IP address to a server called Roadrunner.com. Once I got to the site, I tried to find an attacker. I forgot the name of the attacker but the address stopped at Roadrunner.com with a specific IP address. I was hoping from roadrunner stand point they can track all the data running through there system and see if they can find a particular hacker comming from 2 specific IP ports and continue tracking back to the source of the hacker. However, I sent them all my McAffee logs to the company for several days but they could not even track it.
In conclusion, when some logon to the net a Dynamic IP address is created. Then it travels out to the router through a modem of some kind and to there ISP before heading out to the rest of the world. At the ISP, I am hoping they can see internet traffic, information, and more. However, mostly looking for viruses and hacking attempts.
I guest this would be something hard to do but it would be nice for some of us to really start working on.
Once I tracked an IP address to a server called Roadrunner.com. Once I got to the site, I tried to find an attacker. I forgot the name of the attacker but the address stopped at Roadrunner.com with a specific IP address. I was hoping from roadrunner stand point they can track all the data running through there system and see if they can find a particular hacker comming from 2 specific IP ports and continue tracking back to the source of the hacker. However, I sent them all my McAffee logs to the company for several days but they could not even track it.
In conclusion, when some logon to the net a Dynamic IP address is created. Then it travels out to the router through a modem of some kind and to there ISP before heading out to the rest of the world. At the ISP, I am hoping they can see internet traffic, information, and more. However, mostly looking for viruses and hacking attempts.
I guest this would be something hard to do but it would be nice for some of us to really start working on.
Once I tracked an IP address to a server called Roadrunner.com. Once I got to the site, I tried to find an attacker. I forgot the name of the attacker but the address stopped at Roadrunner.com with a specific IP address. I was hoping from roadrunner stand point they can track all the data running through there system and see if they can find a particular hacker comming from 2 specific IP ports and continue tracking back to the source of the hacker. However, I sent them all my McAffee logs to the company for several days but they could not even track it.
In conclusion, when some logon to the net a Dynamic IP address is created. Then it travels out to the router through a modem of some kind and to there ISP before heading out to the rest of the world. At the ISP, I am hoping they can see internet traffic, information, and more. However, mostly looking for viruses and hacking attempts.
I guest this would be something hard to do but it would be nice for some of us to really start working on.