Cyberthugs use 'Ondoy,' disaster alerts for scams

Disaster areas are hot spots for both opportunists and criminals. That goes for the virtual world, too. Just as cybercriminals exploited the worldwide attention on tropical storm “Ondoy" by sending trojan programs via fake news updates. 'Ondoy' attacks Computer security firm Trend Micro said cyber-criminals are exploiting worldwide attention on "Ondoy" by sending trojan programs disguised as news updates. A ‘trojan’ is a ‘malware’ or malicious software that appears to perform a desirable function for the user but, in reality, facilitates unauthorized access to the user's computer system. “Cybercriminals heartlessly exploited the calamity that unfolded in the Philippines. They rigged multiple URLs related to this news to point unknowing users to FAKEAV. Such SEO (search engine optimization) poisoning campaigns attract users all over the Web especially those who are trying to get information about their loved ones and fellow countrymen in the Philippines," senior threat analyst Joseph Pacamarra said in Trend Micro's blog site. Users who click the links in the supposed news sites will be redirected to several landing pages where they are asked to download an EXE file, soft_207.exe.

The file, TROJ_FAKEAV.BND, does GeoIP (geolocation Internet Protocol) checks that target specific regions or locations. But Trend Micro said the new development is that the cyber-criminals use search engine optimization, such that their sites come out on top of search results. "Although riding on tragic events is not exactly new, what is notable is it employed once again blackhat SEO to lead users to a FAKEAV as we had previously discussed here," Trend Micro said. It advised users to be wary in clicking any URLs. Indon earthquake ‘virus’ Cyber con men have also taken advantage of the September 30 Indonesian earthquake to wreak havoc in cyberspace. Internet security corporation Symantec reveals that malware creators have come up with scams designed to make money from people who want to help the victims of the Indonesian quake. Cybercriminals are poisoning web searches so that their fake websites are listed at the top of the search results page. Many of the listings sourced from the use of terms like “Western Samoa," “earthquake," or “tsunami," will link to malicious pages. Once a user clicks on the poisoned link, the fake site then offers to perform “an antivirus scan." The scan is the scam, as the user then becomes vulnerable to any spywares or viruses that are on the bogus sites. The sites may also be the contact points for so-called disaster donation scams. Hon Lau, a security response manager at Symantec, stated: “The people behind these scams are constantly evolving and adapting their attacks to suit current news events. Unfortunately there is no event, no matter how heartbreaking, which a hacker will not try to profit from." Online disaster scams aren’t new. Some of the most notorious ones took advantage of 2005’s Hurricane Katrina in the US, the 2008 Myanmar cyclone, and China’s May 12 earthquake. Those who search the Web for news of their loved ones or those who are eager to help victims of calamities become prime targets for cyberthugs. Aside from installing Internet security software, people are advised to be vigilant of any suspicious search results highlighting dubious sites. -GMANews.TV