Swine flu spam could sicken your computer: security firms
Last Updated: Wednesday, April 29, 2009 | 4:59 PM ET
CBC News
Related
Internal Links
External Links
- Adobe: Information about the security patch
- Symantec: Malware security blog
- Symantec: Spam blog
- Symantec: Infostealer technical details
- Websense
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Criminals are exploiting fears about swine flu in order to distribute malicious computer code and steal personal information, an internet security firm reports.
A document titled "Swine influenza frequently asked questions.pdf" is circulating on the internet as an email attachment and being used to drop malware on computers, Symantec Security Response reported on its malware security blog Wednesday. The document had been detected the day before.
When it is opened, it contains real questions and answers about swine flu.
"Unfortunately, if you get this far, you've been infected," the blog said.
This malicious .pdf file, which is known to security experts as Bloodhound.Exploit.6, takes advantage of an old Adobe vulnerability to drop a malicious "infostealer" file on the user's computer, Symantec said.
"We see so many of those and all they're doing is they're trying to steal your personal information, like you're credit card number, your online bank credentials," Marc Fossi, manager of security response at Symantec, said Wednesday.
The company's website describes infostealers as Trojans (malware disguised as legitimate files) that may log key strokes, capture screen shots or monitor internet activity in order to gather information.
Patch prevents infection
Infection can be prevented by applying an Adobe patch.
So far, samples of the document are "extremely limited," Symantec reported.
Fossi said that's largely because the type of malicious code involved cannot spread in an automated fashion like a worm. He said the problem is nothing to panic about at the moment.
However, the company is warning users to be cautious about unexpected emails and to avoid opening news alerts that they have not subscribed to, especially if they contain suspicious links or attachments.
Fossi said spammers and malicious code authors often use current events like the economic situation and the U.S. presidential election in the fall, holidays such as Christmas and Valentine's Day, or sports events such as the Beijing Olympics to catch the attention of computer users.
With swine flu, he said, "This is something that people are a little more anxious about so they might be a little more likely to check it out." They might sort of forget some of the good habits that they would normally have."
In recent days, both Symantec and the security firm Websense have reported that spammers have been taking advantage of the buzz over swine flu by distributing unsolicited emails with swine-flu-themed subjects.
According to the Symantec blog, some of them include the question: "Are you in Mexico or the US? Do you know someone who has been affected" and then prompt the recipient to click on a link and fill in a form or reply with personal information such as a name, email address, address and phone number.
Symantec suggested that might be "part of a harvest for their [spammers'] future campaigns."
Ads tout swine flu meds
Websense reported that it has detected tens of thousands of emails a day over the past few days with subject lines advertising swine flu medications and antibiotics. However, as of Tuesday afternoon, they did not include links or malware, just advertisements for pharmaceuticals.
"They're simply an annoyance," said Stephan Chenette, manager of security research at Websense.
However, he warned that new categories of spam often eventually end up carrying links to malicious websites that may be disguised as legitimate ones.
Symantec has also detected a lot of bulk swine flu emails that contain no links or malware and don't seem to even be selling anything.
"They're just trying to put some scare into people," Fossi said. "It's sort of rabble-rousing or something along those lines."
Chenette said that another trend Websense has noticed is that web domain names containing "swine flu" are being registered. The company said it is monitoring those.
"Right now they're not used for anything, but it leads us to believe that at some point, they're either going to be used for spamming purposes, perhaps advertisements or even greater malicious use."
Share Tools
Top News Headlines
- Everest victim's husband says family not seeking government help
- The husband of a Toronto woman who died trying to climb Mt. Everest on Saturday says his family is not seeking government help to cover the cost of bringing his wife's body home. more »
- Henrique's OT goal sends Devils into Stanley Cup final
- The New Jersey Devils will vie for a potential fourth Stanley Cup in franchise history after completing a six-game series win Friday night over the New York Rangers in the Eastern Conference final, courtesy of rookie Adam Henrique's goal early in overtime. more »
- Employment Insurance review boards to be scrapped
- The federal government is scrapping two review boards used by people appealing decisions made about their employment insurance. more »
- Teens share bullying tales in confession booth
- Raw stories about bullying emerged when a video booth was set up inside a Quebec high school. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- Reclaiming the dead on Mt. Everest
- Employment Insurance review boards to be scrapped
- Teens share bullying tales in confession booth
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Brave cat makes epic leap of faith
- What a Greek euro exit could mean for Canada
- Double-lung recipient dances on Ellen show
