Spammers seize on swine flu to pitch bogus meds

Computerworld - Spammers have seized on the growing interest in news of a possible swine flu epidemic to hawk fake pharmaceuticals, security experts warned today.

The number of spam messages with subject headings such as "First US swine flu victims!" and "Madonna caught swine flu!" has spiked today, said Dave Marcus, director of security research at McAfee Inc. And no one should be surprised.

"This is the same pattern that we've seen for the last year, year and a half," said Marcus, noting that domain registrations that include "swine" in their URLs are up thirtyfold, and search strings that contain the words swine and flu are also on a major uptick.

"I checked earlier today, and 'swine flu' spam was a little over 2% of all spam," said Marcus. "Compare that to yesterday, when you wouldn't have seen any."

Links in the spam lead to online drug sites that Marcus characterized as "bottom-of-the-barrel feeders" that either dispense phony or adulterated medications, or simply exist to harvest credit card numbers from naive consumers. "These are the same bogus e-pharm sites that we see all the time [in spam]," Marcus said.

In a blog posting today, McAfee researcher Chris Barton said to expect the pharmaceutical sites to soon start touting oseltamivir -- the prescription antiviral drug marketed under the trade name Tamiflu.

Sophos PLC also noted the swine flu spam blitz. In an entry to a company blog, virus researcher Fraser Howard wrote: "Surprised? We shouldn't be. Just another day in the office for spammers. Crawling news sites for suitable stories to use in campaigns is commonplace and very easy to automate."

There's no evidence that malware makers have yet jumped on the swine flu bandwagon, said Marcus. "We haven't seen that yet, but I wouldn't be surprised if they did," he said. "We might see the usual codec claims, to 'click here to see such and such a video,' but then you're told you have to download a new codec." That long-standing ploy, which often claims that the user must download an update to Adobe's Flash Player, leads to nothing of the sort but instead installs malware on the PC.

Symantec Corp.'s researchers backed up Marcus on the malware question. "Symantec has not seen any malware using the swine flu as a theme or lure yet," a company spokesman said in an e-mail Monday morning.

The new influenza strain has been making headlines since late last week, when Mexico reported scores dead from the illness and the U.S. identified cases in several states, including California, New York and Texas.

Earlier today, the European Union's health commissioner urged Europeans to avoid traveling to Mexico or the U.S. Some companies are already urging their employees to avoid travel to Mexico.

Read more about spam, malware and vulnerabilities in Computerworld's Spam, Malware and Vulnerabilities Knowledge Center.