Domain Name Registrants Capitalise on Massacre
Within 20 minutes of the first reports of the mass shootings at Virginia Tech on the morning of 16th April, four incident-specific domain names had been registered, and this number had risen to over 30 by the end of the day.
Most of these domain names have apparently been registered through GoDaddy, one of the largest US registrars. Very few are in use so far, and most are probably in the hands of squatters, but the picture continues to evolve. Several registrants have started offering them on eBay, but eBay has taken positive steps to block such sales, and there has been a noticeable public backlash in the form of hate mail directed at sellers.
We must nevertheless anticipate a rise in spam, phishing and malware distribution from at least some of these domains. Emails containing bogus appeals for donations to victims' families and support charities are highly likely, as are Trojans hiding behind offers of explicit pictures of the incident, so all such messages should be treated with special caution.
This could prove to be the latest example in a continuing trend of malicious exploitation of sensational news, starting around June 2001 with the distribution of the SubSeven backdoor Trojan masquerading as a movie of the execution of Oklahoma City bomber Timothy McVeigh. From a technical perspective, six years is a long time in information security, but events such as those signalled by the registration of these domain names suggest that the underlying human components of the infosec equation are perennial.