Sunday, August 31, 2008

Hurricane Gustav: Fraud Watch

For several years I've worked as an "industry partner" sharing information with the coolest Law Enforcement / Industry / Academia partnership on the planet - the National Cyber Forensics Training Alliance. One of the very first things we did together was compiling potential fraud domains for Hurricane Katrina.

Since that time, anytime we've seen a natural disaster, we've been on the lookout for domains which might be abused for fraud. It was only natural then that I retuned my settings at DomainTools yesterday to alert on Gustav domains.

Here's what we've seen so far about new domains, registered with the word "Gustav" in them:

Parked Domains

- parked at GoDaddy

Parked at IPTV Domains:

Parked at Mad Dog Domains & Cattle Company:

Parked at Network Solutions:

Parked on a Sedo search click ads site:

Parked at

Points to a Sedo IP, but no content there:

Parked at WebSites2You:

For sale by auction on ebay and sedo by "":

Real Domains

There are several newly registered Gustav domains that actually contain real content!

<== SHOCK! A real page of Gustav Information! (registered by Lawrence Muller of Virtual Corp in New York, who owns more than 400 other domains)

<== SHOCK! A real page of Gustav-related photos! (registered via Domains By Proxy by someone who seems to be "on the ground" watching the National Guard come into town)

<== SHOCK! A real page for Gustav-related photos! (registered by Cyril Payne of Theodore, Alabama. A nice frame, but no pictures yet.)

<== SHOCK! Real information about the storm! (registered by Mark Cummings of Madisonville, Louisiana. Useful and current storm data, with Weather Channel graphics.)

Two Offering Good Deeds

Two other domains seem to be owned by Good Citizens who have reserved the domains and will give them for free to a worthy charity who would like to have the domain:

<== SHOCK! A good deed doer has reserved this domain, which he will give for free to a real charity . . .

<== See image

So far no signs of fraud, only Domain Speculation, but as always, we'll be keeping an eye on the situation as we move forward.

Gary Warner
Director of Research
UAB Computer Forensics
