An e-mail referencing a vaccine for swine flu is circulating that includes a link to a malicious file on a Mexican Web site that is designed to steal bank log-in information, security firm SonicWall said on Friday.
The e-mail, which is in Spanish, has a link to the Qhost.NJI Trojan on a Web site that appears to be legitimate but has probably been hacked, said Nick Bilogorskiy, manager of antivirus research at SonicWall.
The Trojan, an executable file coded in Visual Basic, changes the host file on Windows computers so that if the computer is used to visit certain domains of Mexican banks the PC is redirected to itself without the user knowing it and the Trojan steals any log-in data that is typed, Bilogorskiy said.
Earlier in the week, Symantec said a malicious PDF had been discovered that masqueraded as a frequently-asked-questions document related to the outbreak. And there have been numerous reports of spam using swine flu-related subject lines that lure people to pharmaceutical sites, security firms have reported.
One of the latest outbreak-related phishing attempts includes a link to a data-stealing Trojan.
(Credit: SonicWall)
This is the main page of the site that the malware is on, but SonicWall says the site is legitimate and was probably hacked.
(Credit: SonicWall)Phishers and spammers have caught swine flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.
The e-mail scams have a subject line related to the swine flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory.
One scam features a malicious Adobe PDF document titled "Swine influenza frequently asked questions.pdf," according to Symantec. The malicious PDF file has been recognized as "Bloodhound.Exploit.6" and it drops malicious InfoStealer code onto the victim's computer, the company said.
One spam with a subject line "Suspected Mexican flu toll hits 81" includes news headlines from legitimate agencies and asks recipients whether they are located in the U.S. or Mexico and if they know anyone affected by the outbreak. Recipients are asked to go to a Web site to fill in a form or reply to the e-mail and include their e-mail address, address, and phone number, according to a post on Symantec's blog.
One e-mail scam exploiting the swine flu outbreak asks recipients for their contact information.
(Credit: symantec)McAfee Avert Labs also has information on swine flu-related spam on its site.
Cisco IronPort estimates that swine flu-related spam accounted for up to 4 percent of the worldwide total at its peak.
CERT tips for protecting against scams are to avoid following unsolicited Web links or attachments in e-mail messages and maintain up-to-date anti-virus software. More information is on the CERT site here and in a downloadable PDF.
For information about the swine flu visit the U.S. Centers for Disease Control and Prevention Web site.
At its peak on Monday, swine flu-related spam represented nearly 4 percent of the worldwide total on Monday, according to Cisco IronPort.
(Credit: Cisco IronPort)
- prev
- 1
- next
