SG Windows IT Pro Group

Where Windows IT Professionals in Singapore meet together...

SWUG is revamping
SWUG is revamping our services and streamlining our operations with TechNet for a single voice. If you want to join our mailing list, please drop an email to admin@sgwinowsgroup.org
  • 12-04-2009 9:37 AM

    • Kwek

    Fake H1N1 (Swine Flu) alerts lead to malware


    Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms.

    The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.

    This US-CERT advisory contains some of the e-mail subject lines being used in the spam run.

    Some examples:

    • “Governmental registration program on the H1N1 vaccination”
    • “Your personal vaccination profile.”

    According to researchers at AppRiver, the scam tricks computer users into believing they are part of a “State Wide H1N1 Vaccination Program” and are required to create a vaccination profile on the CDC website.

    “The link provided in the email takes you to a very convincing looking imitation of a CDC web page where you are given a temporary ID and a link to your ‘vaccination profile’. The link is in fact…an executable file that contains a copy of a Trojan most commonly identified as xpack or Kryptik…once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer.”

    AppRiver says the messages are being received at a rate of 18,000 per minute, more than one million per hour.

    Here’s a look at the fake spoofed CDC Web site being used in this attack:

    Arther
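
An added example, not part of the original post or of any vendor's tooling: a mail-triage check for the pattern described above, where a quoted lure subject is combined with a link that names the CDC but is hosted outside cdc.gov and points at an executable. The extension list, the reason strings and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lines quoted in the post (compared lower-cased, trailing period stripped).
LURE_SUBJECTS = ("governmental registration program on the h1n1 vaccination",
                 "your personal vaccination profile")
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")  # assumed extension list

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message):
    """Return the reasons a raw e-mail matches the lure described in the post."""
    msg = message_from_string(raw_message)
    reasons = []
    if (msg["Subject"] or "").lower().strip(" .") in LURE_SUBJECTS:
        reasons.append("lure-subject")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body assumed
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        is_cdc = host == "cdc.gov" or host.endswith(".cdc.gov")
        # CDC named in the link text or host, but the host is not under cdc.gov
        if host and not is_cdc and re.search(r"\bcdc\b", text + " " + host, re.I):
            reasons.append("cdc-lookalike:" + host)
        # The "profile" link is really a download of an executable
        if url.path.lower().endswith(EXECUTABLE_EXT):
            reasons.append("executable-link:" + url.path)
    return reasons

# Constructed sample message (reserved .example domain), not a captured e-mail.
SAMPLE = ("Subject: Your personal vaccination profile.\nContent-Type: text/html\n\n"
          '<p>State Wide H1N1 Vaccination Program</p><a href="http://online.cdc.gov.'
          'vaccine.example/profile/vacc_profile.exe">CDC vaccination profile</a>')
```

Calling `triage(SAMPLE)` returns all three reasons; a message that links to a real cdc.gov page under an unrelated subject returns an empty list.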
