Fresh in one of my inboxes:
You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link:
Create Personal Profile
Centers for Disease Control and Prevention (CDC) · 1600 Clifton Rd · Atlanta GA 30333 · 800-CDC-INFO (800-232-4636)
The link goes to:
The download file, vacc_profile.exe is, according to Virustotal.com only recognized by 5 vendors/programs as I write this:
AntiVir (“TR/Crypt.XPACK.Gen”), Kaspersky (“Packed.Win32.Krap.ae”), McAfee+Artemis (“Artemis!C2B6CB233320”), McAfee-GW-Edition (“Heuristic.BehavesLike.Win32.Trojan.H”)and NOD32 (“a variant of Win32/Kryptik.BFV”).
Hosted on a botnet. One example of overlapping with alliance-leicester phishing according to bfk.de:
online.cdc.gov.yttt4l.org.im A 18.104.22.168 online.cdc.gov.yttt4r.org.im A 22.214.171.124 online.cdc.gov.yttt4l.im A 126.96.36.199 online.cdc.gov.yttt4l.com.im A 188.8.131.52 online.cdc.gov.yttt4r.com.im A 184.108.40.206 www.mybank.alliance-leicester.co.uk.iksadh.co.im A 220.127.116.11 online.cdc.gov.yttt4l.co.im A 18.104.22.168 online.cdc.gov.yttt4r.co.im A 22.214.171.124 online.cdc.gov.yttt4r.im A 126.96.36.199 online.cdc.gov.yttt4l.net.im A 188.8.131.52 online.cdc.gov.yttt4r.net.im A 184.108.40.206
Phishtank has seen irs phishing today:
Several other “overlaps” as well, ally is another example.
See also the InboxRevenge Forum: