Bogus CDC E-mail Downloads Malware
Many security software providers have warned that a large spam outbreak is widely exploiting people's interest in the H1N1 vaccine.
According to them, a fraudulent e-mail is circulating on the web and tells recipients that as per a "State Vaccination H1N1 Program," it is necessary for them to set up their profile on the website of CDC (Centers for Disease Control and Prevention).
The e-mail also provides a web-link that leads to an imposter (or bogus) CDC page on which the user receives a tentative ID. Besides, the fake CDC page contains a link to a 'vaccination profile,' which in reality is a malicious .exe file carrying Trojan 'Kryptik' that attacks Windows, says a blog post by security company AppRiver, as reported by CNet News on December 1, 2009.
Once the Trojan is installed, it creates a gateway on the infected computer that allows the download of more malware, the post alerts. Further, the Trojan gives a remote attacker full control over the user's PC. It records the user's keystrokes and transmits financial and other personal data like website passwords, credit card numbers and banking details to the attacker, the post states.
Security researchers at AppRiver said they noticed almost 18,000 e-mails every minute, causing over 1 million infections during the initial 60 minutes after Kryptik had been unleashed. Troy Gill, Security Analyst at AppRiver, stated that the numerous infections he spotted were only of AppRiver's consumers, suggesting that the worm had infected considerably more people, as reported by ChannelWeb on December 1, 2009.
The domain under which the e-mail's web links are registered reflects the format online.cdc.gov, said Symantec.
Hon Lau, a Symantec blogger, states that the campaign in question resembles those spam campaigns in which the URL links to a document, but in reality that downloadable document is a malicious executable, as reported by Securitywatch on December 1, 2009.
Lau also wrote that the URL was 'personalized' so that the e-mail's recipient would find the message more authentic than one from the bulk spam mails.
Thus, it is advisable that users maintain up-to-date antivirus software and do not open or click e-mails or attachments.
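The two traits Symantec describes, a host name that mimics the online.cdc.gov format and a "document" link that actually fetches an executable, can be checked mechanically in a mail filter or web proxy. The sketch below is an added example, not code from AppRiver, Symantec or the original article; the sample URLs and hosts are constructed, and the extension list beyond .exe is an assumption.

```python
from urllib.parse import urlsplit, unquote

TRUSTED = "cdc.gov"                      # the domain the lure imitates
EXECUTABLE_EXTS = (".exe", ".scr")       # .exe is from the article; .scr is an assumption

def host_of(url):
    """Lower-cased host name of a URL, without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted_host(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a real subdomain of it."""
    return host == trusted or host.endswith("." + trusted)

def embeds_trusted_name(host, trusted=TRUSTED):
    """True when the trusted name appears as whole DNS labels inside a host
    that is NOT under the trusted domain (e.g. online.cdc.gov.<other domain>)."""
    if is_trusted_host(host, trusted):
        return False
    labels, want = host.split("."), trusted.split(".")
    return any(labels[i:i + len(want)] == want
               for i in range(len(labels) - len(want) + 1))

def points_to_executable(url):
    """True when the URL path, after percent-decoding, ends in an executable extension."""
    return unquote(urlsplit(url).path).lower().endswith(EXECUTABLE_EXTS)

def assess(url):
    """Return the list of suspicious traits found in one link."""
    findings = []
    if embeds_trusted_name(host_of(url)):
        findings.append("lookalike-host")
    if points_to_executable(url):
        findings.append("executable-download")
    return findings

if __name__ == "__main__":
    # Constructed sample links; example.test is a reserved placeholder domain.
    samples = [
        "http://online.cdc.gov.example.test/h1n1/vaccination_profile.exe?id=0001",
        "http://cdc.gov.example.test/profile.html",
        "https://www.cdc.gov/h1n1flu/",
        "http://notcdc.gov/notice.pdf",
    ]
    for url in samples:
        print(assess(url) or ["no-findings"], url)
```

Matching on whole DNS labels rather than substrings keeps the genuine www.cdc.gov clean while still catching hosts that merely begin with the trusted name.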
» SPAMfighter News - 11-12-2009