H1N1 might actually affect your PC

Malicious hackers have found a way to trick unwary users to install malware on their computers running Windows. The exploit is through fake H1N1 alerts for the vaccines.

The exploit is applied as follows:

  1. You receive an e-mail message offering information regarding the H1N1 vaccination.
  2. These e-mail messages contain a bogus link to prompting you to create a profile.
  3. Clicking on the link in step 2 above will take you to the spoofed website. During which the malware file is implanted on your machine.

Check out this US-CERT advisory which contains some of the e-mail subject lines being used in the spam run. Some examples:

  • “Governmental registration program on the H1N1 vaccination”
  • “Your personal vaccination profile.”

According to research from AppRiver,  the scam tricks computer users into believe they are part of a “State Wide H1N1 Vaccination Program” and are required to create a vaccination profile on the CDC website.

“The link provided in the email takes you to a very convincing looking imitation of a CDC web page where you are given a temporary ID and a link to your ‘vaccination profile’. The link is in fact…an executable file that contains a copy of a Trojan most commonly identified as xpack or Kryptik…once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer.”

AppRiver further states that the messages are being received at a rate of 18,000 per minute, that is more than one million per hour.

Here take a look at the fake spoofed CDC Web site being used in this attack:

The Fake E-mail with a Create Personal Profile link to the spoofed site

SNETTSCOM is an IT company. We excel at providing solutions in systems integration, consultancy, outsourcing, applications development, networking and security. Aside from this, SNETTSCOM also specializes in creative design and marketing.

Recommended Posts