Personal H1N1 Vaccination Profile Phishing

Personal H1N1 Vaccination Profile Phishing

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Phishers are targeting the customers of banks and online payment services. E-mails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.

Attackers who broke into TD Ameritrade’s database (containing all 6.3 million customers’ social security numbers and very sensible information) also wanted the account usernames and passwords, so they launched a follow-up spear phishing attack.

If you receive an email announcing the launching of a State Vaccination H1N1 Program and advising you that you need to create your personal H1N1 (swine flu) vaccination program on the website of the Centers for Disease Control, delete it. It’s a scam.

Dropping malware like this:

vacc_profile.exe
File size: 130048 bytes
MD5 : 5767b2c6d84d87a47d12da03f4f376ad

The email carried links to download to create your “patient profile” which is actually a phishing attack and a Trojan horse program sent out by people who define themselves hackers, but they haven’t any ethic. Crackers nothing else.