Symantec Corp. and several other security vendors are tracking a spam wave taking advantage of the swine flu outbreak to trick victims into giving up information or downloading a malicious file.
One of the more serious spam messages contains a malicious PDF file that purports to provide information about the swine flu. If a victim opens the file, their machine is immediately infected with a Trojan that tries to steal sensitive data, said Kevin Haley, director of security response at Symantec. The Trojan, Bloodhound.Exploit.6, was discovered in 2004 and can be detected by most antivirus vendors.
"Protect yourselves and your computer from the human swine that prey on our desire for information to keep us healthy," Haley wrote in the Security Response blog post on malicious code authors jumping on the swine flu bandwagon. "Keep your security software up to date, keep your systems patched, and be suspicious of unsolicited email that talks about topical subjects."
The tactic of using a major event in spam messages has been used incessantly over the years. Spammers have used the Iraq War, the Sept. 11, 2001 terrorist attacks and other global disturbances to trick recipients into reading and clicking on malicious links. Experts say the best defense is to use antivirus software and to educate end users to avoid opening messages from unknown sources or, at a minimum, not to click on the links or open the files the messages contain.
The latest swine flu related messages also attempt to collect email addresses, possibly for use in future campaigns, noted Mayur Kulkarni of Symantec's email security group in Symantec's Security Response blog.
A sample collected by Symantec found that some messages contained legitimate links to news headlines from reputable news agencies. The spam message links to a form that asks users whether they have been personally affected by the flu outbreak and prompts them to give up an email address and phone number.
Security researchers at messaging security vendor Cloudmark Inc. said swine flu related emails spiked almost immediately after news reports about the outbreak in Mexico became public. Messages streamed into more than 20,000 Cloudmark desktop users in one day, the company said.
Romana Ward of UK-based SophosLabs discovered swine flu comment spam messages urging members of a Russian pharmaceutical network to sell a cure for the disease. The network sells legitimate generic drugs. The message urges affiliates to add Oseltamivir, a generic form of Tamiflu, to their store catalog. A similar campaign was waged during the bird flu outbreak, Ward said.