Fake Presidential Swine Flu Stories Lead to Malware

Written by: Bernadette Caraig

How does this threat get into users' systems?

This threat arrived via spammed messages informing users that attendees of the Union of South American Nations confirmed cases of swine flu. The messages then urged recipients to click a link to an audio file that supposedly contained news related to the incident.

How does this threat affect users?

Clicking the embedded link connected users to a malicious URL, where they were prompted to download the file Alan.Gripe.Porcina.mp3.exe, which is detected as TSPY_BANCOS.AEM.
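The downloaded file name places an audio extension in front of the real executable extension. The following Python check is an added example, not part of the original write-up: it flags such names in a list of attachment or download names, and its extension sets, function names, and all sample names except the one quoted above are constructed assumptions.

```python
import re

# Illustrative, non-exhaustive sets (assumptions, not taken from the write-up).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"mp3", "wav", "avi", "jpg", "png", "pdf", "doc", "txt"}


def effective_name(raw: str) -> str:
    """Return the lower-cased base name as Windows would treat it."""
    base = re.split(r"[\\/]", raw)[-1]   # drop any directory part
    return base.rstrip(". ").lower()     # Windows ignores trailing dots and spaces


def disguised_executable(raw: str):
    """Return (decoy_ext, real_ext) if the name hides an executable, else None."""
    parts = effective_name(raw).split(".")
    if len(parts) < 3:                   # need name + decoy + real extension
        return None
    # strip() undoes space padding used to push the real extension out of view
    decoy, real = parts[-2].strip(), parts[-1].strip()
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return (decoy, real)
    return None


def scan(names):
    """Map each suspicious name to its (decoy_ext, real_ext) pair."""
    return {n: hit for n in names if (hit := disguised_executable(n))}


# First entry is the file name from the write-up; the rest are constructed.
SAMPLE_NAMES = [
    "Alan.Gripe.Porcina.mp3.exe",
    "C:\\Users\\a\\Downloads\\Invoice.PDF      .SCR ",
    "holiday.jpg.exe.",
    "setup.exe",
    "song.mp3",
    "notes.txt.bak",
]

if __name__ == "__main__":
    for name, (decoy, real) in scan(SAMPLE_NAMES).items():
        print(f"{name!r}: shown as .{decoy}, runs as .{real}")
```
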

How does this threat make money for its perpetrators?

TSPY_BANCOS.AEM steals financial information, which it then sends to a remote URL via HTTP POST.

What is the driving force behind this threat?

The driving force behind this threat is financial gain, as the perpetrators could sell the stolen data to the highest bidders in underground forums or use this for their own personal gain.