Rogue anti-virus prevalent on links that relate to Haiti earthquake, as donors encouraged to look carefully for genuine sites
The earthquake that hit the Haitian capital Port-au-Prince earlier this week has led to a huge rise in related malicious URLs.
Zscaler Research reported that only an hour after the 7.0 earthquake hit on Tuesday afternoon, there was a 1,578 per cent increase in URLs visited, with a corresponding 5,407 per cent increase in bandwidth usage for ‘Haiti’ URLs.
On the malware front, it reported seeing an increase in search engine optimisation (SEO) taking advantage of Haiti earthquake search terms to redirect visitors to rogue anti-virus download sites.
This was echoed by security vendors. Websense Security Labs' ThreatSeeker Network discovered that searches on terms related to the earthquake returned maliciously engineered results that led to a specific rogue anti-virus program.
Three samples of malware were discovered, with two having 20 per cent anti-virus coverage and another having eight per cent.
Also, F-Secure reported that a link titled ‘Haiti earthquake donate’ leads to a website that installs a rogue on the system that it claims is supported by F-Secure.
Mathew Nisbet, malware data analyst at Symantec Hosted Services, noted an upturn in spam and poisoned search results designed to exploit individuals' generosity.
He said: “The humanitarian crisis caused by the Haitian earthquake has captured the world's sympathies and people are flocking to donate online. Sadly these are exactly the conditions that a cynical scammer would be looking to exploit, as the desire to help can often cloud a person's good judgement.
“They count on the public's good nature, concern and desire to help, and hope that they won't see through the scam email which they are reading.”
David Harley, director of malware intelligence at ESET, said: “It would be naive to contend that the security industry is entirely altruistic when it points to potential problems: we make our living from making people safer, or trying to. However, I'm not about to apologise for that any more than I expect my doctor to apologise for making his living out of accidents and diseases.
“You can be as cynical as you like about how successful we are, but most of the people I know in the industry aren't in it purely for the money. And the warnings I have been seeing about SEO poisoning, scams, malware, rogue AV and so on, may increase sales directly or indirectly, but if they do encourage people to help themselves by whatever means, surely that's a good thing?
“However, I've noticed several people in the industry or somehow connected to it taking what you might consider a more positive approach to evading some of these issues, by pointing to legitimate aid resources. As with other kinds of phishing, scamming and so on, you'll be much safer going to known legitimate resources than responding to unsolicited requests for help from unverified sources.”