Junk mailers exploit swine flu

Published 21 July 2009

Junk mailers send unsuspecting users what appears to be a Word document posing as a CDC update on the global spread of swine flu; users who open it release malicious code

A Trojan, containing backdoor and keylogger functionality, poses as a Word document from the U.S. Center of Disease Control (CDC) giving information about the disease. The infectious file — Novel H1N1 Flu Situation Update.exe — appears with an icon that makes it look like a Word document file. Users tempted to open the booby-trapped file are presented with a document. Meanwhile the malicious code does its mischief in the background, as explained in a write-up, containing screenshots, by net security firm F-Secure. F-Secure classifies the Trojan as Agent-AVZQ.

John Leyden writes that junk mailers were quick to latch onto earlier media hype about the swine flu epidemic to promote websites selling dodgy pharmaceuticals. Agent-AVZQ is the first incident we’ve come across that uses the increased hype about pig plague to promote malware. Using events in the news to spice up malware threats has been the stock in trade of VXers for years.