From Brian Krebs:
I posted yesterday about several Web sites and online auctions that appeared to be taking advantage of the misery and destruction visited on Gulf Coast residents by Hurricane Katrina to earn a few bucks at the expense of otherwise legitimate relief efforts. A longer version based on reporting by me and Caroline E. Mayer also appeared in today’s edition of The Washington Post.
Sometime between my blog post yesterday and this morning, the person behind those sites — known through Web site registration records only as “Demon Moon” — appears to have taken down the fake PayPal donation page.
But other Katrina-related scams are underway. According to an alert posted this morning at the SANS Internet Storm Center, an e-mail is going around promising news about the hurricane relief effort, but instead links to a Web site that tries to install some kind of program. According to an alert posted by WebSense, the file that the site tries to install is a “Trojan horse” program that in turn installs another Trojan, which can give attackers full control over infected computers. The method used in this attack, according to WebSense, is very much like a similar scam we saw earlier this month targeting people eager for news about U.S. Marines killed in a bomb attack in Iraq.
The Internet Storm Center’s chief technology officer, Johannes Ullrich, pointed me to a few more apparently fraudulent Katrina-relief Web site addresses. These URLs all point to a single site that accepts PayPal donations but shows no indication of being affiliated with any nationally recognized charity.
Those sites include: www.neworleanscharities.com, www.donate-katrina.com, www.christiandonations.org, parishdonations.com, www.clergydonations.com, www.katrinafamilies.com, www.katrina-donations.com, www.internetdonations.org. Each will forward visitors to Internetdonations.org, which is registered to one Frank Weltner, 64, of St. Louis. Internet address records show Weltner also is the curator for a site called JewWatch.com. The site claims it “is NOT a hate site,” but rather “a scholarly research archive of articles.”
A cursory glance at the links, however, indicates that the “research” may be a bit one-sided.
(Editor’s note: The site did not appear to be available at 2:15 p.m. ET today.)