Phishing Attacks Exploit Swine Flu Scare
The recent outbreak of influenza A H1N1, otherwise known as swine flu, has spurred a tidal wave of spam as cybercriminals leverage users' fears to propel social engineering attacks. Those attacks include reports and videos impersonating legitimate news sources and health organization advisories that purport to inform users of the swine flu epidemic or offer discounts on vaccinations and other pharmaceuticals. In fact, the spam messages are designed to entice users to submit financial or personal information that will be used in identity theft activities.
Security experts maintain that the recent wave of swine flu spam is a continuation of spam and phishing trends that use high-profile media events to entice victims to click on infected links and download malicious files.
"Spam is an ongoing problem. It's impossible to eliminate the criminal motives," said George Schlossnaggle, president and CEO of Message Systems. "And with technological advances, it's hard to both catch the criminals as well as inhibit them and make their activity less profitable."
In addition, McAfee researchers said in a recent blog post that attackers have launched numerous swine flu spam campaigns that lure users with subject lines suggesting that numerous celebrities, including President Barack Obama, Madonna and Salma Hayek, have been infected with the swine flu. Links contained in the messages then redirect users to other sites with Chinese and Russian domains that claim to offer remedies for the disease, which users can "purchase" online. In reality, attackers behind the malicious sites will harvest the submitted credit card information to use in identity theft schemes or sell on the underground market, experts say.
In addition to spam campaigns, McAfee researchers said that numerous Web sites with the words "swine" and "flu" were found to be pushing malware. "Malware writers, spammers and scammers are lowlives," McAfee said in a blog post. "They will use any high media event or high impact news story to push their wares, including the sickness and misery of others."
Some attacks included a redirect to a Russia-based site inviting users to click on a fake video codec that launches malicious code on a victim's computer, McAfee reported.
And because the swine flu outbreak is global, there are few countries that are safe from related spam and phishing attacks, security experts say. Researchers at McAfee found that Brazil had the highest number of spam incidents using either or both "swine" and "flu" in the subject lines, followed by the U.S., Germany, Russia and India.
Researchers at Trend Micro reported that one attack, targeting Japanese users, used spammed e-mail messages with the subject, "Warning of Swine Flu." The phishing message claims to be from the National Institute of Infectious Diseases and encourages users to open an infected .ZIP file to "learn" more about the pandemic. However, once opened, the file drops a malicious executable on users' computers to steal information.
Another attack, reported by researchers at Symantec, informed recipients of the swine flu disaster by incorporating a linked news headline from reputable news agencies. Users are asked whether they are in the U.S. or Mexico and whether or not they know anybody who is affected by the outbreak. Victims are then requested to share their experiences by filling in Web application forms or replying with their e-mail addresses and phone numbers. However, the online questionnaire is a way for scammers to steal identifying information from unsuspecting victims.
Security experts maintain that the majority of swine flu spam is distributed by global botnets, which become more powerful as more computers are infected and incorporated into the malicious network.
"When you look at the majority of the swine flu related spam, it's coming from criminally controlled botnets. To me the real question is, how do you stop those botnets? How do you make them commercially nonviable?" Schlossnaggle said.
Schlossnaggle added that swine flu attack incidents will likely subside when the disease fades from the center of media attention.
Until then, security experts recommend that users go directly to trusted news sources for information on the swine flu virus and avoid opening unsolicited e-mail messages and links.