Security Response

Zeus Trojan Catches Swine Flu

Created: 01 Dec 2009 18:53:34 GMT • Updated: 23 Jan 2014 18:30:57 GMT
Hon Lau

Piggybacking (pun intended) on the swine flu pandemic is the Zeus bot crew, whose latest offering comes in the guise of an email purporting to come from the CDC (Center for Disease Control). The email contains a link to a bogus Web page that is made to look like an official CDC page.
The content of the page asks you to create a profile that will then enable you to get the H1N1 flu vaccine.
The subject lines used in the emails are quite variable; for example, the following have been seen:

• Instructions on creation of your personal Vaccination Profile
• Governmental registration program on the H1N1 vaccination
• Your personal Vaccination Profile

The domain used in these email links has the format of [RANDOM CHARS].[TLD NAME].im
For example:




As is usually the case with these campaigns, the URL that is supposed to be a document actually leads to an executable file. This one is named vacc_profile.exe and is detected by Symantec as Infostealer.Banker.C. Incidentally, the URL is also “personalized” with the email address of the recipient to make it look that little bit more authentic and less like mass-mailed spam.
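The traits described above (the subject lines, the [RANDOM CHARS].[TLD NAME].im host format, the vacc_profile.exe file name and the recipient's address in the link) can be combined into a mail-filter check. The following is an added example, not code from the original post; the `TLD_LABELS` set, the reading of "[TLD NAME]" as a TLD-like label, and the sample message (host, addresses, query parameter) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

# Subject lines quoted in the post, lower-cased for comparison.
SUBJECTS = {
    "instructions on creation of your personal vaccination profile",
    "governmental registration program on the h1n1 vaccination",
    "your personal vaccination profile",
}
TLD_LABELS = {"com", "net", "org", "co"}  # assumed reading of "[TLD NAME]"
URL_RE = re.compile(r"https?://[^\s\"'<>\[\]]+", re.I)

def lure_domain(host):
    """True for hosts shaped like [RANDOM CHARS].[TLD NAME].im."""
    labels = host.lower().rstrip(".").split(".")
    return len(labels) >= 3 and labels[-1] == "im" and labels[-2] in TLD_LABELS

def score_message(raw):
    """Return the sorted campaign traits found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = set()
    if " ".join((msg.get("Subject") or "").lower().split()) in SUBJECTS:
        hits.add("subject")
    rcpt = parseaddr(msg.get("To") or "")[1].lower()
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        if lure_domain(parts.hostname or ""):
            hits.add("domain")
        if parts.path.lower().endswith("/vacc_profile.exe"):
            hits.add("exe_link")
        if rcpt and rcpt in unquote(url).lower():
            hits.add("recipient_in_url")
    return sorted(hits)

# Constructed sample message; host, addresses and query parameter are made up.
SAMPLE = (
    "From: notice@sender.invalid\n"
    "To: Alice <alice@example.org>\n"
    "Subject: Your personal Vaccination Profile\n"
    "\n"
    "Create your profile: http://randomchars.com.im/vacc_profile.exe?id=alice@example.org\n"
)
```

A message matching several traits at once is a stronger signal than any single one, since the subject lines vary and the domains are random.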
Those who are concerned about H1N1 (swine flu) should read the information available from the legitimate CDC source.