CDC Phishing Email
GSA Reference Number: AD091203-01
Simply Put: A fraudulent email is currently circulating that appears to be from the Center for Disease Control (CDC). The email scam informs recipients that they need to register with the CDC due to the launch of a fictitious “State Vaccination H1N1 Program.” A link in the email sends users to a fake website that installs the ZeuS Trojan.
Attack Details: The email appears to be from the CDC and the subject of the email states “Government registration program on the H1N1 vaccination” or “Create your personal Vaccination Profile.” The email also includes a link to create your personal profile, which instead links to a fake, malicious website. This site attempts to exploit a recent Adobe software vulnerability to install the ZeuS Trojan. This Trojan is considered “crimeware” and will attempt to steal website credentials. More information on the Trojan can be found here.
Countermeasures: Users should be notified of the email immediately and instructed to delete it. Any currently infected machines should be removed from the network and the necessary incident response measures enacted. Gladiator is adding recognition patterns to our eShield email service to deny emails matching the current phishing scheme and will continue to block sites at the firewall if they are found to be hosting this scam.
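The two subject lines above, combined with a message that claims to come from the CDC but links somewhere else, can be checked on a mail gateway or against a mailbox export. The Python below is an added example, not Gladiator's eShield patterns; the cdc.gov suffix used as the trusted domain, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from urllib.parse import urlsplit

# Subject lines quoted in the advisory, lower-cased for comparison.
KNOWN_SUBJECTS = ("government registration program on the h1n1 vaccination",
                  "create your personal vaccination profile")
TRUSTED = "cdc.gov"  # assumption: genuine CDC links stay under cdc.gov
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def norm_subject(raw):
    """Decode RFC 2047 words, collapse folded whitespace, drop Re:/Fw:."""
    text = str(make_header(decode_header(raw or "")))
    text = re.sub(r"\s+", " ", text).strip().lower()
    return re.sub(r"^((re|fw|fwd):\s*)+", "", text)

def link_host(url):
    try:  # hostname skips any user@ prefix, so the real target is compared
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable"  # a malformed URL is treated as untrusted

def is_trusted(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)

def body_text(msg):
    out = []
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def classify(raw_message):
    """Return (verdict, reasons) for one raw message string."""
    msg = message_from_string(raw_message)
    reasons = []
    if any(s in norm_subject(msg.get("Subject")) for s in KNOWN_SUBJECTS):
        reasons.append("subject matches advisory")
    hosts = {link_host(u) for u in URL_RE.findall(body_text(msg))}
    bad = sorted(h for h in hosts if h and not is_trusted(h))
    if "cdc" in msg.get("From", "").lower() and bad:
        reasons.append("claims CDC, links to " + ", ".join(bad))
    return ("pass", "review", "quarantine")[len(reasons)], reasons

# Constructed sample message (not a captured email).
SAMPLE = ("From: CDC <no-reply@cdc.example>\nSubject: Re: Create your personal\n"
          " Vaccination Profile\n\nRegister: http://vaccine-profile.example/reg\n")
```

`classify(SAMPLE)` returns a `quarantine` verdict with both reasons; a message that trips only one of the two checks is returned as `review` so an analyst can look at it before it is dropped.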
Reference Links:
- CDC Phishing Advisory (http://www.cdc.gov/hoaxes_rumors.html)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=7678)