Tweet

No one is absolutely safe from Influenza H1N1, not even world leaders.

This is the scenario painted by cybercriminals in their latest spam run. The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig García Pérez, and other attendees of the delegation of UNASUR (Union of South American Nations) summit have confirmed cases of Swine flu. Furthermore, it states that the presidents of Brazil and Bolivia were also both infected but are now recovering.

Figure 1. Sample spam

Written in Spanish, the spam attempts to stir recipients’ curiosity by saying that the incident is being kept from the public. It also urges them to click on the malicious link, which purports to contain the audio news pertaining to this incident. Instead of news, however, all victims get is an executable file (Alan.Gripe.Porcina.mp3.exe) detected by Trend Micro as TSPY_BANCOS.AEM. BANCOS variants are known for its info-stealing capabilities.

Figure 2. Screenshot of the executable file

In the past, Trend Micro has written about malware attacks that hitchhiked on swine flu in the following blog posts:

• Scammers Ride on H1N1 Global Pandemic
• Yet More Swine Flu Attacks
• Waledac Turns to Cash and Vaccines
• Swine Flu Spam Attempt to Infect Japanese Users
• Swine Flu Outbreak Hits The Web Through Spam

Trend Micro already blocks and detects the malicious URL and file via its Trend Micro Smart Protection Network. Users are advised to be wary in clicking on URLs in messages from unknown senders.