Updated Wednesday, March 19, 2009 at 5:14 p.m. EST
A number of web domains relating to Tuesday's earthquake in Haiti already are live, some of which are likely to be used maliciously, experts said Wednesday.
As has been the case with other disasters, such as Hurricane Katrina, opportunists likely will use the domains to set up fake charity sites used for phishing, Johannes Ullrich, chief research officer at the SANS Institute, told SCMagazineUS.com on Wednesday. In addition, cybervandals may promote fake videos about the disaster, which could be used to trick individuals into installing malware.
As of Wednesday morning, no cyberscams relating to the earthquake, which is believed to have killed tens of thousands of people, had been identified, Ullrich said.
But some domains tied to the event will certainly be used for cybercrime, said Joel Esler, security consultant with intrusion prevention vendor Sourcefire, and an incident handler at the SANS Internet Storm Center.
“Unfortunately, malicious phishers will set up a web page on one of these domains asking people to donate money to the relief of the disaster, when really all the phisher is doing is stealing the credit card information of these individuals,” Esler told SCMagazineUS.com in an email Wednesday. “It's rather unfortunate that these malicious people prey on people essentially trying to help out.”
As of noon EST on Wednesday, 250 domain names relating to the Haiti disaster had been registered with popular domain registrar Go Daddy, Neil Warner, CISO and vice president of technical operations, told SCMagazineUS.com.
“Based on the past, there are going to be some out of the 250 that are malicious,” Warner said.
In the past, cybercriminals have tried to obtain an SSL certificate for their fake charity sites to make them appear legitimate, Warner said.
“We monitor really closely who is trying to get an SSL certificate and stop it that way if someone is trying to do that,” he said.
Warner added that Go Daddy has not identified any sites relating to the Haiti earthquake being used maliciously.
Also, users should be wary if they try to watch a video about the disaster and are told they need to install a codec to view it, Ullrich said. The download could be malware.