[ISN] Red Cross e-mail donation hoax circulating

From: InfoSec News (isnat_private)
Date: Fri Oct 26 2001 - 02:54:52 PDT

  • Next message: InfoSec News: "[ISN] Now is the time for two-factor security"

    By Reuters 
    October 25, 2001, 6:30 p.m. PT 
    SAN FRANCISCO--A malicious computer program is quietly making the
    rounds, disguising itself as an e-mail donation form for the American
    Red Cross while attempting to steal credit card information, antivirus
    vendors said Thursday.
    When the e-mail attachment is opened, the malicious program, called
    Septer.Trojan, prompts people to fill in a donation form purporting to
    aid the victims of the Sept. 11 attacks.
    The information is then sent to a Web site that is not affiliated with
    the Red Cross, according to Symantec.
    The program, called a Trojan horse because it masquerades as something
    else, is rated a low risk because it is not spreading widely, said
    Patrick Martin, development manager of Symantec's security response
    Unlike computer worms that can spread themselves automatically, the
    Trojan is spread only by someone forwarding it to another person, he
    "We've only gotten a handful of submissions," Martin said of the
    Trojan, which was first discovered last week. "People are being
    suspicious because it's very unusual for an agency or organization
    such as the Red Cross to solicit donations in such a promiscuous
    However, Three Pillars, a managed security services firm, saw a lot of
    the Trojan e-mails being sent to its customers, according to Ruth
    Lestina, vice president of operations and engineering.
    On Thursday alone there were 142,000 Trojan e-mails coming into the
    network, she said. Customers were protected with antivirus software,
    Lestina added.
    "It's playing on people's feelings from the September tragedy," she
    said. "It's deemed a low risk because the user has to take an action,
    but if you look at anything on the news these days, the American
    public is very, very willing to help anything pertaining to the
    tragedy and the Red Cross is a trusted name," Lestina said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 04:16:25 PDT