Virus writers are now exploiting the December 2004 Tsunami disaster. The most recent example, the Zar worm (a.k.a. VBSun), is a mass-mailing email worm that sends itself to everyone listed in the Global Address Book. The subject of that email is "Tsunami Donation! Please help!" and the body reads simply "Please help us with your donation and view the attachment below! We need you!". The attachment is named TSUNAMI.EXE.
The Zar worm follows on the heels of Geven.B, a VBScript worm that spreads by attaching itself to ZIP files. Geven.B drops itself to the user's desktop as "Tsunami - A must read - God's total avenge.txt.vbs". By default, Windows does not display executable file extensions thus the dropped filename may appear to be a harmless text file. Geven.B also drops a plain text file named "tsunami.txt" that reads:
It is God's total avenge!
To those people who did bad on earth...
God has promised, that He will give lesson,
and this is a promise that the End of Day
is just not too far ahead!
Pray, do good and may God bless you!
Tell and share this message with everyone who has faith in God.
Hoaxsters also quick to exploit
Worms aren't the only miscreant email exploiting the Tsunami. As with past disasters, email hoaxsters are once again adding insult to injury - this time emailing Tsunami victims under the guise of government officials. The email targets appeals posted to the Sky News website, seeking information about loved ones missing as a result of the Tsunami. The email claims those missing loved ones have been confirmed dead. British police confirm this particular hoaxster has already been apprehended.
The classic Nigerian 419 scam has also been adapted to take advantage of the Tsunami disaster. The emails claim one of the persons who perished in the Tsunami had large sums of money. The caretaker for the alleged cash is supposedly seeking "someone who will be able to use the fund better maybe for charity and support the Tsunami victims". The sender then claims, "I have thought of doing it myself but,my ministry is the apocalypse and I believe and preach the soon coming of the Lord which make me not indulgent in reliance on money or wealth in any form."
Another twist on the 419 theme involves a supposedly terminal patient who claims to have lost his entire family to the Tsunami. Repentent, he wishes to give $8.3 Million away in an effort to win clemency for his soul.
These Nigerian 419 schemes (so named after a section of Nigerian penal code) have been around for decades, originally transmitted via letter, fax, and phone. The Internet and email have lowered the criminal's costs dramatically and provided much wider distribution opportunities. Nigerian 419 schemes should not be considered harmless pranks - the US Secret Service has reported kidnappings and murders occurring in conjunction with these schemes, involving victims who made contact but presumably had a change of heart midway through.
Disasters a favorite target
The Tsunami is not the first disaster to be exploited by email hoaxsters. Shortly after the Beslan school siege in which over 300 persons were killed by Chechen rebels, emails began circulating claiming to be from relatives of the deceased or wounded children, seeking donations.
And after the September 11th World Trade Center disaster, an email hoax began circulating claiming that the Red Cross was donating 10 cents for every email forwarded, in order to fund an injured mother's surgery.
Of course, no one pays for forwarding email (though numerous hoaxes using that theme continue to thrive), government officials don't notify deceased relatives via email, and donations should never be made based on an email plea - no matter how compelling it may sound.
