Online Scams Exploit Katrina Disaster

In the wake of hurricane Katrina, several online scams have begun to circulate the Internet, according to several security firms. Sophos warned users on Thursday not to open a malware-Infected e-mail posing as news on the disaster.

Possible subject lines of the e-mail could be "Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and
"Re: q1 Katrina killed as many as 80 people". The group said there could be additional variants.

BetaNews on Thursday morning had received a variant of the above e-mails, however it appeared that the variance is the letter and number combination following the "Re:" prefix.

In the body of the message, clicking on the "Read More.." link will take the user to a malicious Web site that poses as a news story. In reality, the site uses code to exploit vulnerabilities within Internet Explorer to install malware including the Troj/Cgab-A Trojan horse.

From there, the attacker could remotely access the user's computer.

"Receiving or reading the emails themselves does not mean you are infected," Graham Cluley, senior technology consultant for Sophos said.

The SANS Institute is reporting that there are several e-mails soliciting donations through a Paypal link. According to SANS, it may be difficult to tell whether the e-mail is from a legitimate organization.

"The hurricane is a dreadful natural disaster, and it's sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft," added Cluley.

After discovery of the sites yesterday, several have been removed. "There are now about 230 .com domains that contain the strings 'katrina' and 'hurricane'. We will make a list of more domains like this public soon to ask for your help to review them," SANS said on its Web site.