Haiti quake expected to lead to fraud and spread malware

A number of web domains relating to Tuesday's earthquake in Haiti already are live, some of which are likely to be used maliciously, experts said Wednesday.

As has been the case with other disasters, such as Hurricane Katrina, opportunists likely will use the domains to set up fake charity sites used for phishing, Johannes Ullrich, chief research officer at the SANS Institute, told SCMagazineUS.com. In addition, cybervandals may promote fake videos about the disaster, which could be used to trick individuals into installing malware.

Some domains tied to the event will certainly be used for cybercrime, said Joel Esler, security consultant with intrusion prevention vendor Sourcefire, and an incident handler at the SANS Internet Storm Center.

“Unfortunately, malicious phishers will set up a web page on one of these domains asking people to donate money to the relief of the disaster, when really all the phisher is doing is stealing the credit card information of these individuals,” Esler told SCMagazineUS.com in an email. “It's rather unfortunate that these malicious people prey on people essentially trying to help out.”

As of last night (AEDT), 250 domain names relating to the Haiti disaster had been registered with popular domain registrar Go Daddy, Neil Warner, CISO and vice president of technical operations told SCMagazineUS.com.

“Based on the past, there are going to be some out of the 250 that are malicious,” Warner said.

In the past, cybercriminals have tried to obtain an SSL certificate for their fake charity sites to make them appear legitimate, Warner said.

“We monitor really closely who is trying to get an SSL certificate and stop it that way if someone is trying to do that,” he said.

Warner added that Go Daddy has not yet identified any sites relating to the Haiti earthquake being used maliciously.

To avoid donating to a fake organization, individuals should only donate to charities they already know and trust, Ullrich said. Also, the IRS maintains a list of tax-exempt charities, which individuals can use to determine if a charity is legitimate. The list is not fully up-to-date, however, as it takes some time for new organisations to be added, Ullrich said.

Also, users should be wary if they try to watch a video about the disaster and are told they need to install a codec to view it, Ullrich said. The download could be malware.

See original article on scmagazineus.com