Information Security News mailing list archives

Red Cross e-mail donation hoax circulating
From: InfoSec News <isn () c4i org>
Date: Fri, 26 Oct 2001 04:54:52 -0500 (CDT)


By Reuters 
October 25, 2001, 6:30 p.m. PT 

SAN FRANCISCO--A malicious computer program is quietly making the
rounds, disguising itself as an e-mail donation form for the American
Red Cross while attempting to steal credit card information, antivirus
vendors said Thursday.

When the e-mail attachment is opened, the malicious program, called
Septer.Trojan, prompts people to fill in a donation form purporting to
aid the victims of the Sept. 11 attacks.

The information is then sent to a Web site that is not affiliated with
the Red Cross, according to Symantec.

The program, called a Trojan horse because it masquerades as something
else, is rated a low risk because it is not spreading widely, said
Patrick Martin, development manager of Symantec's security response

Unlike computer worms that can spread themselves automatically, the
Trojan is spread only by someone forwarding it to another person, he

"We've only gotten a handful of submissions," Martin said of the
Trojan, which was first discovered last week. "People are being
suspicious because it's very unusual for an agency or organization
such as the Red Cross to solicit donations in such a promiscuous

However, Three Pillars, a managed security services firm, saw a lot of
the Trojan e-mails being sent to its customers, according to Ruth
Lestina, vice president of operations and engineering.

On Thursday alone there were 142,000 Trojan e-mails coming into the
network, she said. Customers were protected with antivirus software,
Lestina added.

"It's playing on people's feelings from the September tragedy," she
said. "It's deemed a low risk because the user has to take an action,
but if you look at anything on the news these days, the American
public is very, very willing to help anything pertaining to the
tragedy and the Red Cross is a trusted name," Lestina said.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
