Zeus/Zbot: Beware of emails about H1N1 vaccinations
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link: Create Personal Profile
Centers for Disease Control and Prevention (CDC) · 1600 Clifton Rd · Atlanta GA 30333 · 800-CDC-INFO (800-232-4636)
If you receive emails that contain the keywords Vaccination, H1N1, Profile, Program and that imitate the CDC (Centers for Disease Control and Prevention), be extra careful.

Your Personal H1N1 Vaccinating Profile is an electronic document, which contains your name, your contact details and your medical data (what kind of illnesses you have sustained in your childhood or what kind of allergy you have to some certain drug). All instructions you need are included in the archive below:
Your Temporary ID (valid for 48 hours) H1N1-1574377270
Download_Archive (130Kb) http://online.cdc.gov.****/h1n1flu/vacc_profile.exe
c2b6cb233320a638ffee3229ebfecbe7 : 2009.12.01 18:48:14 (UTC) - 7/41 (17.07%) : 2009.12.02 07:17:20 (UTC) - 16/41 (39.03%)
Examples of subjects used in the emails:
2 ( 16) 2427 State Vaccination Program
3 ( 78) 2374 Your personal Vaccination Profile
4 ( 29) 2354 Create your personal Vaccination Profile
5 ( 36) 2326 Instructions on creation of your personal Vaccination Profile
6 ( 16) 2314 State Vaccination H1N1 Program
7 ( 25) 2267 Creation of personal Vaccination Profile
8 ( 11) 2142 Creation of your personal Vaccination Profile
9 ( 27) 2051 Governmental registration program on the H1N1 vaccination
As in previous campaigns, we observe different files and the use of fast-flux service networks (FFSN) (docs: Honeynet Papers + Measuring and Detecting Fast-Flux Service Networks (University of Mannheim)):
host -t ANY yttt4r.org.im
yttt4r.org.im has address 123.236.66.177
yttt4r.org.im has address 186.124.142.68
yttt4r.org.im has address 186.97.4.224
yttt4r.org.im has address 61.223.227.72
yttt4r.org.im has address 115.108.66.227
yttt4r.org.im has address 59.94.104.36
yttt4r.org.im has address 94.129.154.1
yttt4r.org.im has address 190.34.29.179
yttt4r.org.im has address 124.125.18.54
yttt4r.org.im has address 200.42.182.215
yttt4r.org.im has address 121.96.221.13
yttt4r.org.im has address 217.132.43.36
yttt4r.org.im has address 201.227.38.29
yttt4r.org.im has address 124.104.193.205
yttt4r.org.im has address 117.197.117.223
yttt4r.org.im name server ns1.daviesproperties.net.
yttt4r.org.im name server ns2.daviesproperties.net.
yttt4r.org.im host information "Casio" "Calculator"
yttt4r.org.im has SOA record ns2.daviesproperties.net. hostmaster.yttt4r.org.im. 10058 60 120 3600 3600
host -t ANY yhnbad.co.im
yhnbad.co.im has address 187.10.76.37
yhnbad.co.im has address 59.147.12.68
yhnbad.co.im has address 196.217.221.240
yhnbad.co.im has address 117.194.230.159
yhnbad.co.im has address 119.77.251.208
yhnbad.co.im has address 61.223.227.72
yhnbad.co.im has address 122.218.93.174
yhnbad.co.im has address 200.126.86.246
yhnbad.co.im has address 217.132.43.36
yhnbad.co.im has address 201.42.71.81
yhnbad.co.im has address 121.96.99.65
yhnbad.co.im has address 112.202.208.222
yhnbad.co.im has address 125.202.254.181
yhnbad.co.im has address 202.157.51.53
yhnbad.co.im has address 220.129.232.106
yhnbad.co.im name server ns1.a-personalhire.com.
yhnbad.co.im name server ns2.a-personalhire.com.
yhnbad.co.im name server ns1.iceagestrem.com.
yhnbad.co.im name server ns2.iceagestrem.com.
5767b2c6d84d87a47d12da03f4f376ad : 2009.12.02 07:53:47 (UTC) - 18/40 (45%)
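The example below is an addition to this page, not code from the original post. It parses `host -t ANY` output in the format shown above and derives simple fast-flux indicators: the number of A records, how many /16 networks they span, the SOA refresh value, and the addresses shared between two domains. The sample input is constructed with documentation names and addresses, and the thresholds and the /16 grouping are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `host -t ANY <name>`; names and
# addresses are documentation placeholders, not values from the campaign.
SAMPLE = """\
flux-a.example has address 192.0.2.10
flux-a.example has address 192.0.2.77
flux-a.example has address 198.51.100.4
flux-a.example has address 198.51.100.200
flux-a.example has address 203.0.113.9
flux-a.example has address 203.0.113.31
flux-a.example name server ns1.ns-flux.example.
flux-a.example has SOA record ns1.ns-flux.example. hostmaster.flux-a.example. 10 60 120 3600 3600
flux-b.example has address 203.0.113.9
flux-b.example has address 198.51.100.4
flux-b.example has address 192.0.2.200
static.example has address 192.0.2.80
static.example has SOA record ns.static.example. admin.static.example. 7 86400 7200 604800 3600
"""

A_RE = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")
SOA_RE = re.compile(r"^(\S+) has SOA record \S+ \S+ (\d+) (\d+) (\d+) (\d+) (\d+)$")

def parse_host_output(text):
    """Return {domain: {"a": set of IPs, "refresh": SOA refresh or None}}."""
    zones = defaultdict(lambda: {"a": set(), "refresh": None})
    for line in text.splitlines():
        if m := A_RE.match(line.strip()):
            zones[m.group(1)]["a"].add(m.group(2))
        elif m := SOA_RE.match(line.strip()):
            zones[m.group(1)]["refresh"] = int(m.group(3))  # 2nd SOA number
    return dict(zones)

def flux_indicators(zone, min_a=5, min_nets=3):
    """Assumed thresholds: many A records spread over several /16 networks."""
    nets = {".".join(ip.split(".")[:2]) for ip in zone["a"]}
    return {"n_a": len(zone["a"]), "n_net16": len(nets),
            "suspect": len(zone["a"]) >= min_a and len(nets) >= min_nets}

def shared_addresses(zones, d1, d2):
    """IPs answering for both domains: a hint that they share one flux pool."""
    return sorted(zones[d1]["a"] & zones[d2]["a"])

if __name__ == "__main__":
    zones = parse_host_output(SAMPLE)
    for name, zone in zones.items():
        print(name, flux_indicators(zone), "SOA refresh:", zone["refresh"])
    print("shared:", shared_addresses(zones, "flux-a.example", "flux-b.example"))
```

Repeating the lookup after a few minutes and comparing the address sets gives a stronger signal than a single snapshot, since a fast-flux pool rotates its answers.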