Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

We need your help: VA Tech Domains

Published: 2007-04-19
Last Updated: 2007-04-21 18:36:17 UTC
by Johannes Ullrich (Version: 5)
0 comment(s)
Even faster then for Hurricane Katrina, new domains are registered for the VA Tech shootings. Some of them are used for benevolent purposes. However, a good share of them are parked for auction and even used for fraudulent donations.

We setup a page with about 450 different domain names that look suspect. If you have a few minutes, help us to categorize the domains. You need to log in (so we can prevent bad input).

For details, see
(Update 0900UTC Thank you for your help - we had all domains checked in record time!)
(Update 1430UTC Of course the above 450 wasn't the end of it. We just found a handful more that need checking out. Your help is greatly appreciated!)
(Update Saturday, 1800UTC: Another 97 suspect domains just arrived. If you got some time, please take a look).

Quickest way to work through them:

- log in
- goto
- click "modify" next to a random domain.
- the domains info will now show up
- click 'whois' in the form. A new window/tab will open with whois information
- keep another window open to visit the domain if necessary.

Done forget to add a note with details. thanks!!!

If you would like to help the victims: VA Tech setup a site here:

Quick unrelated update: We are also seeing spam that contains malware advertising itself as a video clip of the event.
0 comment(s)
Diary Archives