Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Katrina Scammers Try To Infect PCs, Steal IDs

As experts predicted the day that Hurricane Katrina roared ashore, there was growing evidence by Thursday that scammers and hackers are using the disaster to distribute phishing attacks and worms to the unwary and unsuspecting.

"[We knew] it would only be a amount of time before someone did this," said Ronnie Manning, a spokesperson for Web security firm Websense in an e-mail to TechWeb.

Websense was researching a malicious Web site posing as a Katrina news site, added Manning, saying that the site included encoded JavaScript that tries to exploit a pair of Internet Explorer vulnerabilities. If successful, a Trojan horse is surreptitiously installed on machines of people who surf to the site. By mid-day Websense had posted an official alert on the scam.

"[The code] is almost verbatim with what we saw in early August used in an Iraqi news scam," said Dan Hubbard, Websense's senior director of security and research.

Two Web sites were hosting the malicious code, one based in Mexico, another out of the U.S., and both, said Websense, were up and running as of noon PDT Thursday.

  • 1