SPAM and Malware taking advantage of H1N1 concerns

Published: 2009-12-02
Last Updated: 2009-12-02 18:06:25 UTC
by Rob VandenBrink (Version: 1)
1 comment(s)

Gary writes in, telling us of a recent spike in SPAM with a title similar to "State Wide H1N1 Vaccination Program", which pretends to originate from the CDC (Center for Disease Control). The email goes on to instruct you to "follow this link to create a vaccination profile on the CDC website".

Needless to say, this email is a fake: it redirects you to a site in the Ukraine and plants malware on your PC. The URL is "http://online.cdc.gov", followed of course by the real domain name, six or seven digits of seemingly random characters.

You do not need to register with the CDC to receive a vaccine for the H1N1 strain of influenza.

There's also a rise in fake H1N1 sites using other vulnerabilities to compromise your PC, including the recent Adobe issues.

It never ceases to amaze me the depths that these "malware folks" will stoop to. 

If you are following a link in your email - always check to see that it's taking you where you think you are going before you click it.  Copy and paste it through your clipboard, or rekey the link entirely in your browser.  This kind of deception is just so prevalent that clicking links in a received note is simply not safe!
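An added example (not part of the original diary): a Python check for the hostname trick described above, where a trusted name such as online.cdc.gov is only the prefix of the real host. The TRUSTED list, the function names and the `.example` sample domain are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the defender's own list of domains that mail may legitimately link to.
TRUSTED = ("cdc.gov",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _ends_with(labels, dom):
    # Genuine case: host is the trusted domain or a subdomain of it.
    return labels[-len(dom):] == dom

def _contains_early(labels, dom):
    # Deceptive case: trusted labels appear, but something else follows them.
    n = len(dom)
    return any(labels[i:i + n] == dom for i in range(len(labels) - n))

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'other' for one URL."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return "other"
    labels = host.split(".")
    doms = [d.lower().split(".") for d in trusted]
    if any(_ends_with(labels, d) for d in doms):
        return "trusted"
    if any(_contains_early(labels, d) for d in doms):
        return "lookalike"
    return "other"

def lookalike_links(body, trusted=TRUSTED):
    """List every URL in a message body whose host only pretends to be trusted."""
    return [u for u in URL_RE.findall(body)
            if classify_link(u, trusted) == "lookalike"]

# Constructed sample message; qzxvbn1.example stands in for the real domain.
SAMPLE_BODY = (
    "Follow this link to create a vaccination profile on the CDC website:\n"
    "http://online.cdc.gov.qzxvbn1.example/profile\n"
    "General information: http://www.cdc.gov/\n"
)

if __name__ == "__main__":
    for url in URL_RE.findall(SAMPLE_BODY):
        print(classify_link(url), url)
```

The comparison is done on whole DNS labels read from the right, which is the same reading order a browser uses to decide which domain a host belongs to.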


Comments

iTinker writes with more information on the website behind this spam.

The site uses a hidden iframe on the first page, which opens another site with 2 other iframes, one with a booby-trapped PDF, and one with a JavaScript infector, both using the Adobe exploits we referenced.

This "Russian doll" iframe approach is currently seeing a lot of popularity, as it has a lot of success against many of today's filters and detectors.
