Application security, Malware, Phishing

Earthquake and tsunami breed web scams, malware

The 8.9-magnitude earthquake and deadly tsunami in Japan also has triggered a tidal wave of cybercrime, say experts.

Almost immediately after the news broke, internet fraudsters got to work by customizing their malicious websites so they would rank near the top of search results, a process known as black hat search engine optimization. The sites purportedly featured information about the quake but actually had been booby-trapped with malware, such as rogue anti-virus programs.

"We immediately monitored for any active attacks as soon as news broke out, and true enough, we saw web pages inserted with key words related to the earthquake," wrote Norman Ingal, threat response engineer at Trend Micro.

Chicanery on the web is quite common following disasters, including previous tsunamis and other unique tragedies.

US-CERT on Friday also warned of possible phishing ploys and other email scams that might target unwitting users. The SANS Internet Storm Center, meanwhile, advised users to be on the lookout for bogus organizations that may be mimicking legitimate charities.

"If possible, donate to organizations you know and trust, not to new organizations just set up for this particular event," wrote handler Guy Bruneau. "The IRS maintains a list of tax-exempt charitable organizations."

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds