E-mail solicits recipients to create CDC Vaccination Profiles.
Example: [Collected via e-mail, November 2009]
You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people. Create your Personal H1N1 Vaccination Profile using the link:
create personal profile
Swine flu is currently a strong concern among many people, especially with the vaccine's being difficult to obtain in many places. Therefore, an e-mail
like the one displayed above (which was spammed to many recipients in December 2009), seemingly originating with the Centers for Disease Control (CDC) and informing readers that they must go to the CDC's web site to create a "Personal H1N1 Vaccination Profile," was bound to catch people's attention.
However, this message is just a phishing lure and did not originate with the CDC: That organization does not send out unsolicited e-mail,
there is no requirement that everyone under 18 register a personal vaccination profile with the CDC, and the return address on the messages uses an apparently non-existent
domain (cdcdelivery.gov). Clicking through on the "create personal profile" link provided takes the user to a phony CDC look-alike site within the .IM (Isle of Man) domain, which offers a page that includes a "Download Archive" link which (if clicked) triggers an executable file:
Activating that file results in the installation of malware
which gives scammers access to the user's computer:
The link provided in the email takes you to a very convincing imitation of a CDC web page where you are given a temporary ID and a link to your "vaccination profile." The link is in fact to an executable file that contains a copy of a Trojan most commonly identified as Zbot. This Trojan once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer. This malware can log your typed keystrokes and send confidential personal and financial data (including banking information, credit card numbers, and website passwords) to a remote hacker.
The CDC has posted a notice
on its web site advising that:
CDC has received reports of fraudulent emails (phishing) referencing a CDC sponsored State Vaccination Program.
The messages request that users must create a personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The message then states that anyone that has reached the age of 18 has to have his/her personal Vaccination Profile on the cdc.gov site.
The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system.
1 December 2009