The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.
This US-CERT advisory contains some of the e-mail subject lines being used in the spam run. Some examples:
- “Governmental registration program on the H1N1 vaccination”
- “Your personal vaccination profile.”
According to researchers at AppRiver, the scam tricks computer users into believing they are part of a “State Wide H1N1 Vaccination Program” and are required to create a vaccination profile on the CDC website.
“link provided in the email takes you to a very convincing looking imitation of a CDC web page where you are given a temporary ID and a link to your ‘vaccination profile’. The link is in fact…an executable file that contains a copy of a Trojan most commonly identified as xpack or Kryptik…once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer.”
AppRiver says the messages are being received at a rate of 18,000 per minute, more than one million per hour.
Here’s a look at the fake spoofed CDC Web site being used in this attack:
*Giant composite image via Y‘s Flickr photostream