Your Ad Here

Thursday, January 14, 2010

Haiti Earthquake brings More Opportunity for Hackers

Haiti Earthquake brings More Opportunity for Hackers

By Kellep A. Charles, CISA, CISSP

SecurityOrb.com


Soon after the devastating earthquake that hit Haiti, SecurityOrb.com has been monitoring the Internet channels for malicious activities and here is what we have been able to find…


There has been an increase in the purchase of Internet domain names related to the Haiti earthquake event in the form of new charities and organizations. This information has been confirm by Internet security watchdog at the SANS Internet Storm Center stating, "We are already seeing a bunch of domains being parked in relation to the Haiti disaster.”


SecurityOrb.com feels that not all the new domain names maybe be for malicious purposes since there has been a sympathetic movement to help out the Haitian people, but since Hurricane Katrina in 2005 there have been an increase in the registration of fraudulent domains with the purpose of attempting to scam and exploit the generosity of people. So we are following these events closely to see if the trend continues.


Furthermore, we have seen a rise in malicious Twitter activity in recent days in the form of tag-poisoning and tinyURL links that send users to malicious sites. We urge users to be very mindful and since avoiding tinyURLs is nearly impossible when using twitter, we suggest users install the LongURL plug-in on Firefox. It will expand the URLs giving a better insight on the suggested URL.


Hackers will be sure to also attempt to trick users into downloading malware by planting false video footage in a file or telling them they need to download a compatible plug-in supposedly needed to view new video reports of the Haitian tragedy, if previous trends hold. By doing so, the user may introduce a Trojan to their system that can be used to send Spam from the infected systems.


Lastly, hackers have continued the routine of using current event and high profile news stories to continue Search Engine Optimization (SEO) to spread malware. SEO is the process of selecting targeted keyword phrases related to a site, and ensuring that the site places well when those keyword phrases are part of a Web search. Like in the past, topics and events such as the Michael Jackson death, Tiger Woods Incident and Patrick Swayze’s dead have yielded high rewards for hackers by luring users to malware infected sites. We feel the Haiti earthquake event will not be different. SecurityOrb.com suggest you have an antivirus program installed and it has been updated to the latest protect signatures.


Below are some additional helpful hints we located on the Internet; they seem to be very helpful,

Consumers should adhere to the following guidelines:


--Do not respond to any unsolicited (spam) incoming emails, which also include requests to click links embedded within those email messages.


--Be wary of individuals presenting themselves as surviving victims or as officials asking for donations via email or social networking sites.


--Make sure to verify the legitimacy of nonprofit organizations asking for donations before following a link to a site contained in one of their emails.


--Do not click on any files or pictures claiming to be from the disaster area that are contained in these emails, as they may contain viruses or some other kind of malware.


--Do not give out your personal or financial information to anyone soliciting contributions.


--If you are going to contribute, make sure it goes to a known organization. Do not rely on others to make the donation on your behalf.


Anyone who has received an email similar to what has been described above or has been a victim of this should notify the IC3 at www.ic3.gov.


Conclusion

SecurityOrb.com is going to attempt to keep an eye on this matter so we can inform our readers of all the possible computer security and fraudulent threats. For those interested in making donations we advised you to go directly to the websites of recognized charities also to thoroughly examine and read all the details of any emails that solicit charitable donations.

No comments: