Email security experts at Red Condor issue a warning about latest spam campaign

Dec 3 2009

Email security experts at Red Condor today issued a warning about the latest spam campaign claiming to be from the Center for Disease Control and Prevention (CDC) and requesting that recipients complete a "Personal H1N1 Vaccination Profile." The email with the subject line "State Vaccination H1N1 Program," suggests that recipients "need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website." When users click on the embedded "Create Personal Profile" link in the email, they are sent to a page that has a CDC branded header and footer, including the Department of Health and Human Services logo. Visitors to the site are notified that their "Personal H1N1 Vaccination Profile" is an "electronic document, which contains your name, your contact details and your medical data" and needs to be downloaded. The file is actually an executable that contains a Trojan virus identified as W32/Vacc.A!tr.

"There are still a lot of questions surrounding the H1N1 virus, and people are actively looking for answers, so this latest spam campaign preys on the public's concerns," said Dr. Tom Steding, president and CEO of Red Condor. "The spam campaign is still relatively young and is going undetected by most anti-virus engines, so it is important that people simply delete these messages and notify their IT administrators of the threat. Regardless of the nefarious spam campaign, people should continue to turn to the CDC.gov website as a trusted source for information on the virus."