Scammers Grab Katrina Sites

It took less than three days for scammers to start using the hurricane disaster to distribute phishing attacks and worms to the unwary and unsuspecting.

Websense Inc. last week was researching a malicious Web site posing as a Katrina news site, believing the site included encoded JavaScript that tries to exploit a pair of Internet Explorer vulnerabilities. If successful, a Trojan horse is surreptitiously installed on machines of people who surf to the site. The code "is almost verbatim with what we saw in early August used in an Iraqi news scam," says Dan Hubbard, Websense's senior director of security and research.

E-mails also circulated under subject headings such as "Re: q1 Katrina killed as many as 80 people" that contained an embedded link, says the security research firm Sophos plc, that leads to a site that exploits the Internet Explorer vulnerabilities.

It's likely that more Katrina scams are on the horizon, Websense's Hubbard says. Websense has tracked new registered domain names and found more than 100 registered using combinations of "katrina," "donate" or "disaster" in two days. Some are legit, but most will end up with scammers. Some of these domain names have been placed for sale on eBay Inc., with claims by their sellers that part or all of the proceeds will go to the American Red Cross relief effort or those of other charities.

If this sounds familiar, it should. Similar scams appeared almost immediately after the tsunami in southeast Asia.

--Gregg Keizer, TechWeb