Swine flu spam could sicken your computer: security firms

Criminals are exploiting fears about swine flu in order to distribute malicious computer code and steal personal information, an internet security firm reports.

Top 10 swine flu spam subject lines detected by Symantec Security

  1. Swine flu in USA.
  2. Salma Hayek caught swine flu!
  3. US swine flu statistics.
  4. Swine flu in Hollywood!
  5. NY victims of swine flu.
  6. Swine flu worldwide!
  7. Madonna caught swine flu!
  8. First US swine flu victims!
  9. Will swine flu attack USA?
  10. US swine flu fears.

A document titled "Swine influenza frequently asked questions.pdf" is circulating on the internet as an email attachment and being used to drop malware on computers, Symantec Security Response reported on its malware security blog Wednesday. The document had been detected the day before.

When it is opened, it contains real questions and answers about swine flu.

"Unfortunately, if you get this far, you've been infected," the blog said.

This malicious .pdf file, which is known to security experts as Bloodhound.Exploit.6, takes advantage of an old Adobe vulnerability to drop a malicious "infostealer" file on the user's computer, Symantec said.

"We see so many of those and all they're doing is they're trying to steal your personal information, like your credit card number, your online bank credentials," Marc Fossi, manager of security response at Symantec, said Wednesday.

The company's website describes infostealers as Trojans (malware disguised as legitimate files) that may log key strokes, capture screen shots or monitor internet activity in order to gather information.

Patch prevents infection

Infection can be prevented by applying an Adobe patch.

So far, samples of the document are "extremely limited," Symantec reported.

Fossi said that's largely because the type of malicious code involved cannot spread in an automated fashion like a worm. He said the problem is nothing to panic about at the moment.

However, the company is warning users to be cautious about unexpected emails and to avoid opening news alerts that they have not subscribed to, especially if they contain suspicious links or attachments.

Fossi said spammers and malicious code authors often use current events like the economic situation and the U.S. presidential election in the fall, holidays such as Christmas and Valentine's Day, or sports events such as the Beijing Olympics to catch the attention of computer users.

With swine flu, he said, "This is something that people are a little more anxious about so they might be a little more likely to check it out. They might sort of forget some of the good habits that they would normally have."

In recent days, both Symantec and the security firm Websense have reported that spammers have been taking advantage of the buzz over swine flu by distributing unsolicited emails with swine-flu-themed subjects.

According to the Symantec blog, some of them include the question: "Are you in Mexico or the US? Do you know someone who has been affected" and then prompt the recipient to click on a link and fill in a form or reply with personal information such as a name, email address, address and phone number.

Symantec suggested that might be "part of a harvest for their [spammers'] future campaigns."

Ads tout swine flu meds

Websense reported that it has detected tens of thousands of emails a day over the past few days with subject lines advertising swine flu medications and antibiotics. However, as of Tuesday afternoon, they did not include links or malware, just advertisements for pharmaceuticals.

"They're simply an annoyance," said Stephan Chenette, manager of security research at Websense.

However, he warned that new categories of spam often eventually end up carrying links to malicious websites that may be disguised as legitimate ones.

Symantec has also detected a lot of bulk swine flu emails that contain no links or malware and don't seem to even be selling anything.

"They're just trying to put some scare into people," Fossi said. "It's sort of rabble-rousing or something along those lines."

Chenette said that another trend Websense has noticed is that web domain names containing "swine flu" are being registered. The company said it is monitoring those.

"Right now they're not used for anything, but it leads us to believe that at some point, they're either going to be used for spamming purposes, perhaps advertisements or even greater malicious use."