About five per cent of global spam volume now mentions swine flu in the subject line – totting up to billions of messages every day, according to the software technology company McAfee. In the guise of seemingly innocuous links offering preventive tips to combat the flu, these digital creepy crawlies, encoded into malicious data-stealing programmes, will install themselves in your PC, scan your hard disk for personal data and report back to the malware writer.
The last scams of such proportions were post-26/11 and during the U.S. presidential race. This sort of subterfuge is termed “social engineering” – security parlance for using current events to beguile the hapless netizen.
Not surprisingly, spammers sprang into action on April 23 just days after the swine flu outbreak was first reported. Though the problem is global in nature, McAfee has traced more than half of the total volume to Brazil, the United States and Germany. While some e-mails offer links to pharmaceutical sites and information on drugs for treatment, others are simply news reports and links or FAQ files.
Symantec Security Response spotted an Adobe PDF document titled “Swine influenza frequently asked questions.pdf.” The problematic code has been detected as Bloodhound.Exploit.6 and contains an “Infostealer” file that is downloaded onto the system. Wary of fuelling panic surrounding this “sensitive situation,” a Symantec executive explains: “When users attempt to access the PDF file, malcode (which is simply a set of software instructions) within the PDF attempts to exploit an old Adobe vulnerability (BID 33751) in order to drop malware on the local computer.”
Further, a blog on the official Symantec website refers to another campaign in which the e-mail uses linked news headlines from reputed news agencies and asks readers either to fill in their responses and experiences in a form (with URL provided) or to write back with their e-mail address and phone number. “This time around it is an e-mail address that the spammers are more interested in collecting — perhaps as part of a harvest for their future campaigns,” the blog states.
In an e-mail response to The Hindu, Prabhat Singh, senior director at McAfee Avert Labs, said domain names related to swine flu were being snapped up to host malware, launch spam and phishing attacks. The number of such sites has increased 30-fold over four days, experts claim. “In one case, a Russia-based site instructs the visitor to install a ‘video codec’ to view a movie. This isn’t a real codec to allow viewing; instead, it is malicious software that puts the victim’s computer at the beck and call of the attacker,” Mr. Singh explained.
Experts advise computer users to keep all security and other software up to date and avoid opening files and e-mails from unknown sources. “Malware writers, spammers and scammers are lowlives using any high impact news story to push their wares. Users should not follow links that arrive in spam, instant messages or on social networking web sites. If they need any information on the flu situation, they can go to the World Health Organisation website or any reputable source,” Mr. Singh said.
SOURCE: http://www.hindu.com/2009/05/24/stories/2009052456051500.htm