July 22, 2009, 7:17 AM — E-mail users eager to learn the latest on the Swine Flu H1N1 will get more than they bargained for should they open a file contained in a e-mail that’s currently circulating on the Internet.
According to a Wednesday blog post on security vendor Sophos’ Web site, this latest spam scam includes a file called “Novel H1N1 FLU Situation Update,” which is a Word document that appears to be from the Center of Disease Control and Prevention. The document includes a map showing how the flu has spread across the country.
Unsuspecting users who open this document will have also opened a self-extracting zip file and installed the Word document to their temp folder, as well as an executable file called doc.exe. That executable installs a series of other files including a registry file that tells the PC to run a Trojan program every time the computer is booted.
The Trojan steals passwords, including encrypted ones, and runs a keylogger that records the user’s every keystroke and mouse click, sending that information to a Web site for safekeeping.
It’s another example of spammers using current events to steal information from e-mail users. This campaign is ironic since it purports to warn people about the spread of a human virus while installing a computer one.
Do you tweet? Follow me on Twitter here.
