There's no shocking news audio file, just malware

Sep 7, 2009 14:32 GMT

Security researchers from antivirus vendor Trend Micro report that malware distributors have once again resorted to a swine flu-related theme for their campaigns. Spam emails written in Spanish and linking to an information-stealing trojan claim that the presidents of several South American countries have been diagnosed with the virus.

Taking advantage of the increased public interest in the recent Union of South American Nations (UNASUR) Summit, cybercrooks have launched a new malware-distribution spam campaign. To make the emails more appealing, another subject of interest in South America, Influenza H1N1 (swine flu), has been thrown into the mix.

"The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig García Pérez, and other attendees of the delegation of UNASUR (Union of South American Nations) summit have confirmed cases of Swine flu. Furthermore, it states that the presidents of Brazil and Bolivia were also both infected but are now recovering," Mary Bagtas, anti-spam research engineer, warns.

The spam campaign seems to target Spanish-speaking users and, to make potential victims even more curious, it claims that significant efforts are being made to keep the incident hidden from the public. The messages contain a link to an alleged audio file with more details, but the link actually points to an executable file called Alan.Gripe.Porcina.mp3.exe.
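The file name above hides an executable behind a media extension. As an added example (not code from Trend Micro or from this article), the following mail-filter check flags links whose file name ends in a decoy extension followed by an executable one; the extension lists, function names and `example.invalid` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed lists: extensions Windows runs directly, and common decoy extensions.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"mp3", "wav", "wma", "avi", "mpg", "jpg", "gif", "pdf", "doc", "txt"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def masquerade(name):
    """Return (decoy_ext, real_ext) if name ends in <decoy>.<executable>, else None."""
    # Windows ignores trailing dots and spaces when it resolves a file name.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        return parts[-2], parts[-1]
    return None


def suspicious_links(body):
    """Return (url, file_name, (decoy_ext, real_ext)) for each masquerading link."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # drop punctuation that followed the URL in prose
        # Use only the path (no query string) and undo percent-encoding.
        path = unquote(urlsplit(url).path)
        file_name = path.rsplit("/", 1)[-1]
        found = masquerade(file_name)
        if found:
            hits.append((url, file_name, found))
    return hits


# Constructed sample message body; hosts are placeholders, not from the campaign.
SAMPLE_BODY = (
    "Audio: http://media.example.invalid/noticias/Alan.Gripe.Porcina.mp3.exe\n"
    "Encoded: http://media.example.invalid/a/Alan.Gripe.Porcina.mp3%2Eexe?id=7\n"
    "Benign: http://radio.example.invalid/podcast/episode.12.mp3\n"
    "Installer: http://vendor.example.invalid/setup.exe\n"
)

if __name__ == "__main__":
    for url, file_name, (decoy, real) in suspicious_links(SAMPLE_BODY):
        print(f"FLAG {file_name}: looks like .{decoy}, is .{real} ({url})")
```
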

Attempting to run this file is not a good idea, as it is actually a banking trojan detected by Trend as TSPY_BANCOS.AEM. The trojan monitors Internet Explorer activity and looks for browsing sessions on sites associated with Banco Bradesco, also known as Banco Brasileiro de Descontos (the Brazilian Discount Bank). If such sessions are detected, it intercepts login credentials and uploads the captured information to a third-party server controlled by the attackers.

At the beginning of the swine-flu outbreak, when interest in the subject was very high, cybercriminals used this theme in their blackhat SEO and spamming campaigns. Claims that celebrities had been infected with the virus abounded, and some of the popular names included Salma Hayek and Madonna.