Australian Bushfires

Published: 2009-02-12
Last Updated: 2009-02-13 04:13:03 UTC
by Mark Hofman (Version: 1)
0 comment(s)

As many of you may know the state of Victoria in Australia has seen the worst bushfires ever.  The final death toll is expected to be over the 300 and sadly it looks like a number of these fires were lit deliberately. 

Whenever an event like this occurs the internet is a place where things move quickly.  Domains are registered, sites appear and donations are taken.  So we've been keeping an eye on the domains being registered that are relevant to the bushfires.   

Sadly there have already been arrests of people trying to profit from this event, by posing as colectors for charities, etc. 

So here is a break down of what we've found so far:

  • Legit** - Sites that provide support for victims, or information and either do not ask for financial donations or redirect donations to the red cross or Salvation Army.
    • victorianbushfire.com, victorianbushfireforum.com, bushfireappeal.com, bushfirehousing.org, vicbushfiresgivehelp.com, victorianbushfires.com, bushfireforum.com, bushfires729.com, bushfiresanta.com
  • For Sale - Domains which an enterprising "entrepreneur" has reserved in order to make a buck on the potential demand for the domain.  Although to be fair there may be someone who reserved it in order to donate it to an organisation that would like to use it.
    • bushfireappeal.org, bushfireblog.com, bushfirerelief.com, victorianbushfireappeal.com, australianbushfires.com, australiabushfire.com, bunkerbushfire.com, bushfirebunkersaustralia.com, bushfirebunkersdownunder.com, thebushfirebunker.com, victorianbushfirereliefvolunteers.or
  • Suspect - Currently has no page visible so can't determine the intent
    • bushfirebunker.com, bushfirebunkers.com, bushfirerelief.info, bushfirerelief.net, bushfireshelters.co, au-bushfires.com, bushfireactionplan.com, bushfireaid.com, bushfirehomes.com, bushfirehomes.net, bushfirehomes.org, bushfirehousing.com, bushfirehousing.net, bunkerbushfires.com, bushfiresafety.net, bushfiresafety.org, victorianbushfires.info
  • Potentially Bad/Misguided - A site asking for financial donations to be submitted to them and they will pass it on.   Possibly someone trying to the right thing, but going about it the wrong way. 
    • bushfireappealqld.org - Not sure what this site is about, but they are asking for donations.
    • bushfirevictims.com - Sellling cds and will donate $10 from each to bushfire.  Nice idea but donate directly

If you come across domains that are asking for donations that I haven't covered please let us know (markh.isc (at) gmail . com) or via the contacts form.   If people want to donate encourage them to use the redcross.org.au site or the salvation army web sites. 

Mark H

**legit as in looks like a site trying to do the right thing.  It is by no means a guarantee that they are or will remain so.

0 comment(s)

Apple Security Updates

Published: 2009-02-12
Last Updated: 2009-02-12 23:37:34 UTC
by Johannes Ullrich (Version: 2)
0 comment(s)

Apple today released a number of security updates:

1 - Safari for Windows.

This update will bring Safari up ot version 3.2.2. It fixes a vulnerability within Safari which allows for the execution of Javascript in "feed:" URLs.

2 - OS X Update 2009-001

The first security update from Apple for 2009. It fixes a huge number of issues (I counted 45 CVE numbers). Many of them are in X11, perl and python. This patch includes the Safari patch mentioned above.

3 - Java update for OS X

And lastly: Apple also released a patched version of java, which will bring Java up to version 8 for OS X 10.4 (Tiger... not Leopard). For Leopard (OS X 10.5), Java update 3 was released today as well.

See:

http://support.apple.com/kb/HT1222
http://support.apple.com/downloads/

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute                                                        

Keywords:
0 comment(s)

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives