Volunteers Prep to Thwart Hurricane Rita Scams

Hurricane Rita is heading onshore, and Internet criminals around the globe are already rigging up fake charity sites. However, several teams of security watchdogs are readying countermeasures to ward off the "cyber-looters."

With Hurricane Rita looming offshore and the Gulf Coast populace heading to higher ground, several Internet watchdogs on Thursday prepared a volunteer effort to combat an expected wave of donation scams.

An international "call to arms" notice went out on the MWP (Malicious Websites and Phishing) research and operational mailing list by Gadi Evron, the CERT manager in Israels ministry of finance.

"Over the next few days, some of us are going to process information about sites that will probably be used for Rita scams," Evron said in his posting. "Through MWP resources and ISP connections, we are going to make sure these sites are taken off-line as soon as we detect them."

Evron said that through coordination with a registrar list, the MWP group looked to terminate the domains at the registrar level.

In addition, the MWP hoped to gain the cooperation of several incident-response mechanisms to build the list of offending sites.

/zimages/1/28571.gifClick here to read more on the Katrina cyber-looters.

"This is an excellent example of the degree of behind-the-scenes cooperation between the security, abuse or terms-of-service staff at large ISPs, both between each other, and with law enforcement and the domain registrar community," said Bill Woodcock, research director with the nonprofit Internet routing education group Packet Clearing House.

In addition, the Internet Storm Center said bogus charities covering Hurricane Rita had already been discovered.

The group was working with US-CERT Control Systems Security Center on the problem.

The group also offered an advisory on the handling of suspect charity URLs.

"These efforts go on all the time, but I think peoples outrage at fake hurricane relief sites has brought a little more attention to the problem," Woodcock said.

Within hours of Katrinas landfall in late August, scam artists snapped up Katrina-related Web domains and began using them to siphon money from unwitting contributors.

Similar online "cyber-looting" scams were perpetrated following the Asian tsunami in December.

Officials in several southern states, including Missouri and Florida, took legal action this month to shut down some Web sites, with names such as katrinahelp.com and katrinafamilies.com, that were using the tragedy to direct money to dubious organizations.

However, the rate that domains can be registered is considerable.

For example, in the week following the strike of Katrina, more than 2,500 storm-related sites were registered.

On one day alone, almost 500 domains with the word "Katrina" were registered, according to the SANS Institutes Internet Storm Center.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.