Time to Announce Swine Flu Spam Pandemic?

"Swine" and "flu" are two words increasingly being used and searched for on the web. But don't forget to keep in mind that not all information about this virus, especially the one that you receive in your inbox, is real. Cyber criminals are continuing their malicious attacks and trying to trick as many users as possible.

McAfee researchers have noted that attackers have launched a bunch of swine flu spam campaigns with subject lines claiming that numerous celebrities, for example President Barack Obama, Madonna and Salma Hayek have been infected with swine flu. It is also known that many web sites with the words "swine" and "flu" are pushing malware.  Moreover, several attacks were found to be aimed at navigating potential victims to a Russian-based site. The site invited users to click on, an actually fake, video codec that launches malicious code onto victims' computers.

The most recent swine flu spam campaign is targeted at Japanese users and aims to spread malware to as many users as possible. This campaign not only uses "swine flu" as its social engineering method but also tries to trick users by claiming that the email was sent from a .yahoo.co.jp domain. This technique helps to avoid a number of spam filters and to also convince more users of the legitimacy of the email.

What does this whole attack look like? Potential victims receive an email with the subject line "Warning of Swine Flu", purportedly coming from the National Institute of Infectious Diseases. They are then urged to "find out" more about the swine flu pandemic simply by downloading an attached .zip file. However, when opened, this file drops a malicious executable on users' computers to steal information.

The malware was detected by Trend Micro as TROJ_PIDIEF.UA and TROJ_PIDIEF.TY. It is a specially-crafted .pdf file that exploits a known vulnerability in Adobe Reader 9.0 and earlier versions. This vulnerability may cause the said application to crash and may also allow a remote malicious user to take control over an affected system when a user views the said file. Experts noted that this malware can drop and execute BKDR_KUPS.G.

The real National Institute of Infectious Diseases issued a warning of the fake spam messages on their website to inform users who may receive any similar malicious messages.

Most probably the amount of swine flu attack incidents will decrease when the disease fades from the center of media attention. However, until then, everybody is advised not to trust any unsolicited emails coming into their inboxes. If you really need more information about swine flu, go to trusted news sources. Never open swine flu related attachments in the received emails and don't forget to keep your antivirus software and spam filters up-to-date.