Net fraudsters target paralympics donations

Internet fraudsters posing as a bank has been phishing for donations for the New Zealand paralympics team for the Athens games in...

Internet fraudsters posing as a bank has been phishing for donations for the New Zealand paralympics team for the Athens games in August.

New Zealand bank Westpac is the official sponsor for the paralympians and there is a legitimate request for donations, which can be seen on the bank's website.

However, bogus e-mail messages sent out to potential donors were traced to a site hosted in the US, where a seemingly empty web page was loaded. The page contained encrypted Javascript that took advantage of an exploit for unpatched versions of Windows, and which attempts to download two files from the website.

The last of the two files is a variant of the Bizex trojan horse, according to Nick FitzGerald, an antivirus researcher and consultant in Christchurch. Bizex contains what's known as a keylogger, a small application that surreptitiously keeps track of what users type, such as users' credit card numbers as they type them in to make the donations.

This means the scammers need not set up bogus sites to obtain people's credit card numbers, directing the victims instead to the correct payments processor and the donation would be made. The card numbers could then be used by the scammers.

Craig Hobbs, the executive director of New Zealand's Paralympics team, expressed disgust and concern at the scam.

"It's hard enough as it is to get people to donate without these things coming along and creating suspicion."

Hobbs said that using the internet and postal campaigns for donations was attractive for the New Zealand Paralympians as it can reach many people cheaply.

The US website is still up and, apart from the Westpac scam, the site contains ads for credit card "skimmers" (hand-held magnetic strip readers) and dubious-sounding online money transfer systems.

Juha Saarinen writes for Computerworld New Zealand Online

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close