Warning: Swine Flu (Spam) Attacks!
In this spam message, discovered by Symantec researchers, victims are reeled in with a legitimate-looking news link and an image. The message appears to be a questionnaire asking users if they're located in the United States or Mexico and whether they know anyone affected by the outbreak. Users are then asked to share their experiences, which includes filling out a Web application form that requests personal information. In reality, however, attackers behind the spam campaign will use the information for spam lists and for identity theft activities.
Since the World Health Organization issued a health alert, Influenza A H1N1, otherwise known as swine flu, has spurred a barrage of fake news alerts warning users of the pandemic and offering a host of remedies. This multifaceted spam message, found by security researchers at Symantec, appears to be both, capitalizing on the breaking news and then quickly advertising a product to boost victims' immune systems and prevent infection. Victims who either download the video or click on the ad at the bottom will likely be infected with malware, not swine flu.
Due to the fact that swine flu originated in or very near Mexico, it stands to reason that many of the spam messages and phishing attacks exploiting the disease would target the Spanish-speaking population. This message, discovered by researchers at SonicWall, appears to come from the Health Secretary of the Mexican government, purporting to warn users about the pandemic and subsequently offering vaccinations to counteract the disease. All users have to do is "register" by clicking on the link. The message also invites users to click on a link to obtain more information. However, the links in the message will bring users to a malicious file on aztlan.org.mx that will download malicious code to their systems.
Users clicking on links in the previous slide's spam message will be brought to this file, discovered by researchers at SonicWall, after clicking on links in spam messages that claim to offer swine flu vaccinations. As one can see, the site, which security experts estimate was hacked, has very little to do with swine flu or vaccinations. However, once directed to the site, users will automatically download a Trojan to their computers that will steal data from their systems.
Well not really. But almost anything with Obama and swine flu in the subject line is sure to attract curious users. In this swine flu spam, provided by researchers at McAfee Avert Labs, Obama's name is used to entice users to open the e-mail. It doesn't seem to matter that the attacks have mixed up their social engineering scams. We're not exactly sure what swine flu has to do with Gore and emissions.
Attackers will no doubt capitalize on users' morbid curiosity regarding the swine flu epidemic. Relying on curiosity, coupled with users' secret desire to see celebrities take a tumble, the perpetrators have their attack nailed. However, upon closer inspection of the spam message, discovered by McAfee Avert Labs researchers, users will find a link in the short subject line to what is probably a fake pharmaceutical site with a Chinese domain.