Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 22nd, 2008

Hackers And Scammers Continue Exploit China Earthquake

Spammers and scammers are always ready to jump on the latest disaster or big news headline to try and exploit users. This time its time to exploit the Chinese earthquake disaster, which killed more than 50,000, to push scams and malware spam.

In one report scammers sent out text messages enticing people to send donations to fund the aid for helpless victims. Today there was a report of spam message allegedly from a Filipino seeking financial aid to follow his wounded wife in China.

Here are the first and last portions of the long-winded letter designed to get merciful recipients to take action, i.e. donate money. It starts with:

Dear friend,

I do not know your exact name. I can only guess. I ask you to read through my letter up to the end.

And ends:

And still, if you will be able to help me I shall consider you to be the best man in this world. You will save a life of mine Jin. I shall write the data on which I will be able to receive cashes in Philippines through Western Union.

Next there are emails with infected Word attachments that include MalDoc-Fam Trojan. They being distributed in messages that pose as news about the disaster, net security firm Sophos reports. The malware-tainted emails typically appear with body text suggesting they contain news from China’s official press agency, Xinhua:

BEIJING, May 20 (Xinhua) — The death toll from the earthquake in southwest China’s Sichuan Province has risen to 34,074 nationwide as of 2 p.m. Saturday, while 198,347 people were injured, according to the Information Office of the State Council. Pay attention to attachment for more.

Opening the attached Word document triggers an exploit that downloads malware onto vulnerable Windows PCs. The MalDoc-Fam Trojan is more than a year old, dating from March 2007.

These schemes, much like during those that surfaced during previous tragedies, are surely only some of the many that will continue to use this ploy.

Recent reports tell that even the official Web site for donations to the eathquake victims in China, the Chinese Red Cross, has itself been hacked to divert donations elsewhere. Ironically, even if you carefully donate only to legitimate organizations, you can never be sure who will actually get the money nowadays.

Users should be extremely cautious in extending their help. If possible, keep a closer watch of who gets the donation and where it goes.

Share this article with others:

More on CyberInsecure:
  • New Malware Spam Reporting Bogus Beijing Earthquake Targets Olympic Games Fans
  • Japanese Earthquake And Tsunami Searches Infect Users With Malware
  • Scammers Attempt To Trick Companies, Pose As Domain Registrar Employees
  • Targeted Attack Hits Chinese Gmail Accounts, Google Might Exit China
  • Chinese Scammers Act As Registrars, Blackmail Domain Name Owners

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Hackers And Scammers Continue Exploit China Earthquake

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.