NEWS FROM THE LAB - Monday, May 4, 2009

H1N1 Domains

Posted by Sean @ 15:18 GMT

As a follow-up to last Monday's post, here is a list of domains registered over the weekend using the words "swine flu".

There are 1,344 on the list. Again, so far, none of the domains we've checked are hosting any malicious files.

In fact, the only malicious file we've seen is something that Symantec posted about last week.

It's a PDF "Swine Flu FAQ" exploit which drops a password stealer and then opens a clean PDF file as a decoy.

[Image: PDF-based exploit using swine flu FAQ]

One interesting thing about the exploit that hasn't been mentioned yet is the file name, The Association of Tibetan journalists Press Release.pdf.

Tibet-themed exploits are very popular in targeted attacks.