The US SANS Internet Storm Center reported late Tuesday that at least 28 domain names have been registered that relate to the shootings, including www.vatechshooting.com and www.hokiemassacre.com.
SANS handler George Bakos said many of the sites have yet to contain content, and they may be used for a positive purpose, such as fund-raising. Still, users should be wary of receiving emails that direct them to these newly created sites.
"While some of these are undoubtedly well-intentioned organisations joining in the outpouring of support for the friends and family of the victims, others are likely to be opportunists who want to cash in on the suffering of others," Bakos said.
"Be on the lookout for a rash of spam and phishing coming from these leeches."
Cho Seung-Hui, a Virginia Tech student, shot and killed more than 30 of his classmates Monday morning in what is believed to be the most deadly peacetime shooting in US history. He killed himself before police could get to him.
Ben Butler, director of the abuse department at leading domain registrar Go Daddy, told SCMagazine.com that the company is actively monitoring domain names that are using terms and phrases related to the massacre.
If Go Daddy, which has registered nearly 20 million domains since its inception, decides a site is being used for a fraudulent or morally wrong purpose, such as glorifying the shootings, it will be shut down — either by Go Daddy or another hosting provider, he said.
He added that he encourages users to tip the company off on illegitimate sites.
So far, Butler said, Go Daddy is monitoring quite a few sites with URLs related to the shootings.
"It's constantly growing at this point," he said. "In the post-Hurricane Katrina situation, we had several hundred. This one isn't quite that bad yet, but you never know. We try to maintain our objectivity. We have to see the actual malicious intent [before taking them down]."
Many of these types of sites remain parked, and content is never added to them, Butler said. In some cases, the site names are purchased - usually for under US$10 - in hopes that someone will pay the owner much more for the name.
Other times, people register the domains, add some advertising and search links, and hope they will be heavily trafficked so they can make money for each click, Butler said.
"It's actually a small minority who ever put up any content related to the domain name," he said.
Todd Beardsley, lead counter-fraud engineer at Austin, Texas-based TippingPoint, told SCMagazine.com that people often try to capitalise on heavily reported stories.
"This does happen basically any time anything interesting happens, good or bad," he said. "We saw it first on a large-scale basis with the Asian tsunami. A lot of people will think, 'Oh, they've gone to register their domain. They must be legitimate.'"
Bakos said users should vet organisations asking for cash donations and other personal information.
"With any luck, these have been scooped up by cybersquatters who will be left holding the bag when nobody is heartless enough to use the domains for unscrupulous purposes," he said.
Earlier this week, US-CERT said scammers may spam users with phishing emails that contain links to a site "that appears to be a legitimate charity."
Users are encouraged to only follow trusted links, contact their bank whenever they think their information may have been compromised and call questionable organisations directly to verify their legitimacy.
US-CERT said this is not the first time criminals have taken advantage of national tragedies to line their wallets.
The latest example occurred in late August when Tropical Storm Ernesto threatened Florida.
Beardsley said events such as the tsunami and Katrina are more likely to be successful for fund-raising scammers than the Virginia Tech rampage because they are unavoidable natural disasters that affect many poor people.
Virginia Tech massacre may spawn phishing scams
By Dan Kaplan on Apr 19, 2007 9:40AM