Tuesday, December 1, 2009

Bots Using H1N1 Fear to Distribute Malware

At about 8:15 (CST) this morning we began seeing a strikingly large malware campaign attempting to make its way to our users' inboxes. The social engineering tactic du jour is a ploy pretending to be an alert from the Center for Disease Control (CDC). The fake alert tries to convince the recipient that they are part of a “State Wide H1N1 Vaccination Program” and that they are required to create a vaccination profile on the CDC website. The link provided in the email takes you to a very convincing imitation of a CDC web page where you are given a temporary ID and a link to your “vaccination profile”. The link is in fact to an executable file that contains a copy of a Trojan most commonly identified as Zbot. Once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer. This malware can log your typed keystrokes and send confidential personal and financial data (including banking information, credit card numbers, and website passwords) to a remote hacker.
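A mail-filter heuristic for the lure described above, added here as an illustration and not part of the original post: it flags messages that invoke the CDC while linking to a host outside cdc.gov, and links whose path ends in an executable extension. The sample messages, hosts, extension list and function names are constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample messages (not captured from the campaign; hosts are placeholders).
LURE = """\
From: "CDC Alerts" <alerts@example.net>
Subject: State Wide H1N1 Vaccination Program
Content-Type: text/plain

You are required to create your vaccination profile on the CDC website:
http://online.cdc.gov.lure.example/h1n1/profile.exe
"""
BENIGN = """\
From: newsletter@example.org
Subject: Flu season reminder
Content-Type: text/plain

CDC guidance on H1N1 is published at https://www.cdc.gov/
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BRAND_RE = re.compile(r"\bCDC\b|Disease Control", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list of risky extensions
TRUSTED = "cdc.gov"                           # the real CDC domain

def on_trusted_domain(host):
    # Exact match or a true subdomain; "cdc.gov.lure.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def score_message(raw):
    """Return the reasons a message resembles the fake-CDC lure (empty if none)."""
    msg = message_from_string(raw)
    # Text of every non-multipart part; encoded parts are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), body])
    claims_cdc = bool(BRAND_RE.search(text))
    reasons = []
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        if claims_cdc and not on_trusted_domain(parts.hostname):
            reasons.append("cdc-brand-offsite-link:" + (parts.hostname or ""))
        if parts.path.lower().endswith(EXEC_EXT):
            reasons.append("link-to-executable:" + parts.path)
    return reasons
```

Calling `score_message(LURE)` returns both reasons, while `score_message(BENIGN)` returns an empty list because its only link is on cdc.gov itself.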
As of 9:15 (CST) we are seeing these messages at the extremely high rate of nearly 18,000 messages per minute, netting over 1 million of these messages in the first hour alone. It is now officially flu season, and considering the recent concerns over the H1N1 vaccine, I expect this to be a highly effective campaign against those who are not protected from this cyber-threat. Below is an example of the message along with a screenshot of the fake CDC webpage.

1 comment:

Anonymous said...

Any updates coming?