[ISN] Red Cross e-mail donation hoax circulating

From: InfoSec News (isnat_private)
Date: Fri Oct 26 2001 - 02:54:52 PDT

Next message: InfoSec News: "[ISN] Now is the time for two-factor security"

Previous message: InfoSec News: "[ISN] [defaced-commentary] Breaking windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.cnet.com/news/0-1003-200-7662475.html?tag=mn_hd

By Reuters 
October 25, 2001, 6:30 p.m. PT 

SAN FRANCISCO--A malicious computer program is quietly making the
rounds, disguising itself as an e-mail donation form for the American
Red Cross while attempting to steal credit card information, antivirus
vendors said Thursday.

When the e-mail attachment is opened, the malicious program, called
Septer.Trojan, prompts people to fill in a donation form purporting to
aid the victims of the Sept. 11 attacks.

The information is then sent to a Web site that is not affiliated with
the Red Cross, according to Symantec.

The program, called a Trojan horse because it masquerades as something
else, is rated a low risk because it is not spreading widely, said
Patrick Martin, development manager of Symantec's security response
center.

Unlike computer worms that can spread themselves automatically, the
Trojan is spread only by someone forwarding it to another person, he
said.

"We've only gotten a handful of submissions," Martin said of the
Trojan, which was first discovered last week. "People are being
suspicious because it's very unusual for an agency or organization
such as the Red Cross to solicit donations in such a promiscuous
manner."

However, Three Pillars, a managed security services firm, saw a lot of
the Trojan e-mails being sent to its customers, according to Ruth
Lestina, vice president of operations and engineering.

On Thursday alone there were 142,000 Trojan e-mails coming into the
network, she said. Customers were protected with antivirus software,
Lestina added.

"It's playing on people's feelings from the September tragedy," she
said. "It's deemed a low risk because the user has to take an action,
but if you look at anything on the news these days, the American
public is very, very willing to help anything pertaining to the
tragedy and the Red Cross is a trusted name," Lestina said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Now is the time for two-factor security"
Previous message: InfoSec News: "[ISN] [defaced-commentary] Breaking windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 04:16:25 PDT