Katrina MalwareIt didn't take long. This morning, we received an email which is promissing news about the Hurricane. However, the site it links to appears to provide malware in addition to a brief news article. The text of the email (the original is in HTML):
Katrina Donation ScamsA couple of the domains we discovered yesterday removed the paypal button. Again, please let us know if you find any suspect domains. There are now about 230 .com domains that contain the strings 'katrina' and 'hurrican'. We could use your help checking out domains we found that 'sound suspect'. These have been filtered from the .com zone file using keywords like 'katrina'. Lots of innocent domains, so don't use it as a block list just yet. We are trying to anotate this list as needed. NOTE: If you send us an anotation to add, we will add an e-mail address of yours to 'sign' the comment. The email address will be obfuscated. Unsigned comments come from our ISC handler team. http://isc.sans.org/katrina.com.txt Susan Bradley had this nice remark about "cyber looting" on the patch management list: "to the folks behind this one....sick guys....really sick... you know how much small businesses are going to need geek/IT help in the coming months and all you guys can do is to code up stuff like this? How about donating to the red cross? How about volunteering to help a small business owner displaced by Katrina reset up MX records, A records? How about doing something useful instead of this stuff? Okay rant box off"
Dameware ExploitWe do see pretty stong scanning for the recent Dameware exploit. The Dameware.com site is located in New Orleans and not reachable since the storm. However, you can download the latest version from the UK site: http://www.dameware.co.uk/thankyoudownload.asp?group=Downloads
(thanks David for the UK URL). --------
Sep 2nd 2005
1 decade ago