Video Screencast Help
Security Response

Spammers Exploit Japan’s Catastrophic State

Created: 14 Mar 2011 12:33:14 GMT • Updated: 23 Jan 2014 18:22:14 GMT • Translations available: 日本語
Samir_Patil's picture
+1 1 Vote
Login to vote

Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings.

As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations—spammers continue to maintain the guise of charitable institutions and governmental organizations! Don’t be surprised to  suddenly see an email message in your inbox marked as URGENT and pleading with you for "monitory help" [sic] or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond.

Within the first few hours of the earthquake and tsunami, Symantec researchers observed more than 50 domains with the names of either "Japan tsunami" or "Japan earthquake." These domains are either parked, available for sale, or are linked to earthquake sites. Don’t be surprised if you see these domains being used in phishing and spam attacks. Below are a few of the samples:

3-11-2011-[removed].com
3-11[removed].com
earthquake-[removed].com
earthquaketsunami[removed].com
earthquakerelief[removed].com

Symantec has observed a classic 419 message targeting the Japanese disaster. The message is a bogus "next of kin" story that purports to settle millions of dollars owing to an earthquake and tsunami victim:


 
Previously, when such disasters occurred, Symantec observed a sudden surge in virus attacks in the form of nasty attachments and .zip files embedded in spam sent from such predatory attackers. Do not open them, especially if you don’t know the source! Use caution when opening forwarded messages related to the Japan earthquake and tsunami, and any other tragedy or event that stirs international news coverage, legitimate or otherwise. Nefarious attackers may be sending malicious Java scripts and other threats that could compromise both your personal data and your computer.

While our hearts go out to those grappling with this unprecedented catastrophe, we at Symantec want to urge users to be cautious about unscrupulous elements. Symantec recommends that our readers reach out to the affected through legitimate and secure channels so that the help sent by you reaches the intended recipients.

Note: Thanks to Dylan Morss, Christopher Mendes, and Sujay Kulkarni for contributed content.