Fake Presidential Swine Flu Stories Lead to Malware
- Saturday, September 5, 2009, 15:26
- Threat Research
No one is absolutely safe from Influenza H1N1, not even world leaders.
This is the scenario painted by cybercriminals in their latest spam run. The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig García Pérez, and other attendees in the delegation to the UNASUR (Union of South American Nations) summit have confirmed cases of swine flu. It further states that the presidents of Brazil and Bolivia were both infected as well but are now recovering.
Figure 1. Sample spam
Written in Spanish, the spam attempts to stir recipients’ curiosity by saying that the incident is being kept from the public. It also urges them to click on the malicious link, which purports to lead to audio news about the incident. Instead of news, however, all victims get is an executable file (Alan.Gripe.Porcina.mp3.exe) detected by Trend Micro as TSPY_BANCOS.AEM. BANCOS variants are known for their info-stealing capabilities.
Figure 2. Screenshot of the executable file
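The file name in this sample puts a media extension (.mp3) in front of the real executable extension (.exe), a pattern a mail or web gateway can flag. The Python check below is an added example, not Trend Micro's detection logic; the extension lists, function names, and every sample name other than the one from this post are assumptions constructed for illustration.

```python
import re

# Assumed extension lists for illustration; tune them to your environment.
DECOY_EXTS = {"mp3", "wav", "avi", "mp4", "jpg", "png", "gif",
              "pdf", "doc", "docx", "xls", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "lnk", "cpl"}


def classify_filename(name):
    """Classify a download or attachment name.

    Returns 'double-extension' when a decoy extension sits directly before
    an executable one, 'executable' for a plain executable, else 'ok'.
    """
    # Keep only the last path component (handles both / and \ separators).
    base = re.split(r"[\\/]", name)[-1]
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = base.rstrip(" .").lower()
    # Strip each part so whitespace padding ("a.mp3      .exe") cannot hide
    # the real extension from the comparison.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def flag_suspicious(names):
    """Return the names that should be quarantined or reviewed."""
    return [n for n in names if classify_filename(n) == "double-extension"]


# First entry is the name reported in this post; the rest are constructed.
SAMPLES = [
    "Alan.Gripe.Porcina.mp3.exe",
    "noticia.MP3 .EXE. ",
    "setup.exe",
    "podcast.mp3",
    "report.v2.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {classify_filename(sample)}")
```
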
In the past, Trend Micro has written about malware attacks that hitchhiked on swine flu in the following blog posts:
Scammers Ride on H1N1 Global Pandemic
Yet More Swine Flu Attacks
Waledac Turns to Cash and Vaccines
Swine Flu Spam Attempt to Infect Japanese Users