Fraudsters plumb new depths
Internet fraudsters have never shied away from dirty tricks, but the latest scam to hit New Zealand and Aussie email inboxes plumbs new depths.
By Juha Saarinen | Auckland | Wednesday, 2 June, 2004
Masquerading as a message from Westpac Bank in Australia, the email solicits donations for the country’s Paralympics team for the Athens games in August.
These types of scams are known as “phishes”. The current one, however, is more elaborate than previous ones, which have simply employed deceptive URLs to lure email recipients to bogus websites.
Westpac is actually the official sponsor for the Paralympians and there is a legitimate request for donations, which can be seen on the bank's website.
But when Computerworld analysed the bogus message and traced it to a site hosted in the US, it found that a seemingly empty web page was loaded as well. The page contains encrypted JavaScript that exploits a vulnerability in unpatched versions of Windows and attempts to download two files from the website.
The second of the two files is a variant of the “Bizex” trojan horse, according to Nick FitzGerald, an antivirus researcher and consultant in Christchurch. FitzGerald says Bizex contains what’s known as a “keylogger”, a small application that surreptitiously keeps track of what users type. In this case, Bizex would log users’ credit card numbers as they type them in to make the donations.
This means the scammers don’t need to set up bogus websites to obtain people’s credit card numbers. Rather, they could simply direct victims to the correct payments processor and the donation would be made. The card numbers could then be used by the scammers.
Craig Hobbs, the executive director of New Zealand’s Paralympics team, expressed disgust and concern at the scam.
“It’s hard enough as it is to get people to donate without these things coming along and creating suspicion.”
Having limited resources to organise physical fund-raising, Hobbs said that using the internet and postal campaigns was attractive for the New Zealand Paralympians, as it can reach many people cheaply.
Hobbs immediately alerted his Australian counterparts when told by Computerworld of the scam. As of writing, however, the US website is still up. Apart from the Westpac scam, the site contains advertisements for credit card “skimmers” (hand-held magnetic strip readers) and dubious-sounding online money transfer systems.
Computerworld alerted both the site hosting service and Westpac Australia to the scam, but received no reply before deadline.






