April 27, 2009, 4:03 PM — Spammers have seized on the growing interest in news of a possible swine flu epidemic to hawk fake pharmaceuticals, security experts warned Monday.
The number of spam messages with subject headings such as "First US swine flu victims!" and "Madonna caught swine flu!" has spiked today, said Dave Marcus, director of security researcher at McAfee Inc. And no one should be surprised.
"This is the same pattern that we've seen for the last year, year-and-a-half," said Marcus, noting that domain registrations that include "swine" in their URLs are up 30-fold, and search strings that contain the words "swine" and "flu" are also on a major uptick.
"I checked earlier today, and 'swine flu' spam was a little over 2% of all spam," said Marcus. "Compare that to yesterday, when you wouldn't have seen any."
Links in the spam lead to online drug sites that Marcus characterized as "bottom-of-the-barrel feeders" that either dispense phony or adulterated medications, or simply exist to harvest credit card numbers from naive consumers. "These are the same bogus e-pharm sites that we see all the time [in spam]," Marcus said.
In a blog posting today, another McAfee researcher, Chris Barton, said to expect the pharmaceutical sites to soon start touting Oseltamivir -- the prescription antiviral drug marketed under the trade name Tamiflu.
Sophos also noted the swine flu spam blitz. In an entry to a company blog, virus researcher Fraser Howard wrote: "Surprised? We shouldn't be. Just another day in the office for spammers. Crawling news sites for suitable stories to use in campaigns is commonplace and very easy to automate."
There's no evidence that malware makers have yet jumped on the swine flu bandwagon, said Marcus. "We haven't seen that yet, but I wouldn't be surprised if they did," he said. "We might see the usual codec claims, to 'click here to see such and such a video,' but then you're told you have to download a new codec." That long-standing ploy, which often claims that the user must download an update to Adobe's Flash Player, leads to nothing of the sort, but instead installs malware on the PC.
Symantec Corp.'s researchers backed up Marcus on the malware question. "Symantec has not seen any malware using the swine flu as a theme or lure yet," a company spokesman said in an e-mail Monday morning.
The new influenza strain has been making headlines since late last week, when Mexico reported scores dead from the illness and the U.S. identified cases in several states, including California, New York and Texas.