Swine Flu Scam Infecting Users With Spam
A bogus e-mail purportedly from the CDC is using the swine flu outbreak to infect users' machines with a Trojan used to send spam.
In response to the latest in a long line of socially engineered spam attacks, McAfee and the Centers for Disease Control (CDC) are warning people to be on the lookout for a new scam that's using the recent swine flu outbreak as a lure to infect their computers.
On the McAfee Labs blog, a posting urges people not to respond to an unsolicited e-mail that falsely presents itself as an "H1N1 vaccination profile" that purportedly would be used for a state vaccination program.
In actuality, McAfee researchers said it's just the most recent ploy to facilitate the distribution of a Zeus Trojan executable for the purposes of hosting and disseminating spam.
"After clicking a link to fill out the profile -- which claims to be required by the CDC -- the Zeus Trojan is installed on the unsuspecting victim's machine," McAfee officials said.
The primary servers hosting the offending Web sites are based in Colombia, Brazil, India, Malaysia, Chile, and Argentina, according to the researchers.
On its Web site, the CDC was quick to discredit the bogus e-mail, saying, "the CDC has NOT implemented a state vaccination program requiring a registration on www.cdc.gov. Users that click on the e-mail are at risk of having malicious code installed on their system."
Both the CDC and McAfee are urging users who stumble across the hoax to ignore unsolicited e-mail requests to open attachments or click on links, and to always use caution before entering personal information of any kind online.
McAfee's security team said the phony e-mails are showing up with a variety of subject lines including "State Vaccination H1N1 Program," "Governmental Registration Program on the H1N1 vaccination," and "State Vaccination Program."
The domains in the e-mail were registered or updated a week before the campaign began, according to McAfee. The WHOIS information associated with the domains indicates that most of them were registered with a Belgian registrar at active24.be.
This is hardly the first time spam purveyors have used a government agency to strike fear into the hearts of Internet users.
In September, a Cutwail botnet spam campaign used the threat of an IRS audit to get people to click on an attachment that would then embed malware on users' machines.
Larry Barrett is a senior editor at InternetNews.com. Based in Las Vegas, Larry covers IT management, enterprise software, services and security.