A new malware campaign uses faked e-mails that appear to inform recipients of H1N1 vaccination programs from the Centers for Disease Control, but actually attempt to install the Zeus Trojan.
Both McAfee and Symantec issued warnings about the toxic e-mails, which are spoofed to look like they were sent from the “Centers for Disease Control and Prevention (CDC),” according to a screen shot in McAfee’s post. Subject lines vary, but might be “Your personal Vaccination Profile” or “Governmental registration program on the H1N1 vaccination.” See either Symantec’s post or McAfee’s warning for more subject line examples and the e-mail body text.
A link in the e-mail leads to a malicious but real-looking site where victims are supposed to download a tool to create a vaccination profile (see either post above for a screen shot). The URL for the site uses the common tactic of starting with a genuine-looking name – in this case, online.cdc.gov… – but ending with a domain such as …yhnbad.com.im. The domain-name highlighting feature in IE8 can help foil this trick, as can the Locationbar2 add-on for Firefox.
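The check that domain highlighting performs can also be run over links in incoming mail. The following is an added example, not code from McAfee, Symantec or the original post: it finds the registrable domain of a link and flags links where a trusted name appears only as subdomain labels. The suffix subset, the trusted list and the sample URLs are constructed assumptions; a real deployment would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Hand-picked subset of public suffixes, enough for the samples below.
# Assumption: a real deployment loads the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "gov", "org", "im", "com.im"}

# Names the lure imitates (assumption: list maintained by the defender).
TRUSTED_DOMAINS = {"cdc.gov"}


def registrable_domain(host):
    """Longest matching public suffix plus the one label to its left."""
    labels = host.split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # IP address or suffix not in our subset


def check_link(url):
    """Return (verdict, registrable_domain) for a link taken from an e-mail."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host) if host else None
    if reg is None:
        return "invalid", None
    if reg in TRUSTED_DOMAINS:
        return "trusted", reg
    # Labels left of the registrable domain are chosen freely by its owner,
    # so a trusted name appearing there proves nothing about who runs the site.
    sub = "." + host[: -len(reg)]  # e.g. ".online.cdc.gov."
    if any("." + t + "." in sub for t in TRUSTED_DOMAINS):
        return "lookalike", reg
    return "other", reg


if __name__ == "__main__":
    # Constructed sample links; the second mimics the pattern described above.
    for link in (
        "http://www.cdc.gov/h1n1flu/",
        "http://online.cdc.gov.constructed-example.com.im/profile",
        "http://news.example.org/",
    ):
        print(check_link(link), link)
```
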
The downloaded executable is of course the Trojan payload, which McAfee lists as a “very recent Zeus Trojan variant.” Uploading such downloaded files to Virustotal.com can help identify new malware that some malware engines might miss.