Following my previous post, I had lots of questions about what we are seeing in terms of malware and fraud taking advantage of the Haiti earthquake.
Not surprisingly we have seen an increase of web transactions to charity / donation sites - including some domains that were registered immediately following the earthquake, for example, haitifoundation.com.
Web transactions to donations sites range from:
- The mainstream, for example, RedCross
- The more obscure, for example, a personal blog (haitirescuecenter.wordpress.com) of an alleged worker in Haiti.
- The suspicious, for example, haitipal.com that links you to a PayPal donation to the user haitipal{at}hotmail[dot]com.
While, such sites may have good intentions, users should be wary of any site soliciting PayPal donations as there's no way to vet the source and ensure that donations are going to the victims. Individuals looking to donate should stick to reputable organizations only. CNN has a list of known, vetted donation organizations for Haiti.
On the malware front, we are seeing an increase in search engine optimization (SEO) taking advantage of Haiti Earthquake search terms to redirect visitors to FakeAV malware.
Here is a small list of the FakeAV domains that we have seen recently being redirected from Haiti Earthquake SEOed sites:
- fullsecurityscanc.com
- scan-now23.com
- full-pc-scanner1.com
- best-systemguard.net
- full-pc-scanner22.com
Zscaler will continue to monitor and protect their customers against this campaign.
