State Vaccination Program – infects you with vacc_profile.exe

Fresh in one of my inboxes:

You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link:
Create Personal Profile

Centers for Disease Control and Prevention (CDC) · 1600 Clifton Rd · Atlanta GA 30333 · 800-CDC-INFO (800-232-4636)

The link goes to:
http://online.cdc.gov.yttt4l.co.im/h1n1flu/profile.php[etc]
The download file, vacc_profile.exe, is, according to Virustotal.com, only recognized by 5 vendors/programs as I write this:
AntiVir (“TR/Crypt.XPACK.Gen”), Kaspersky (“Packed.Win32.Krap.ae”), McAfee+Artemis (“Artemis!C2B6CB233320”), McAfee-GW-Edition (“Heuristic.BehavesLike.Win32.Trojan.H”) and NOD32 (“a variant of Win32/Kryptik.BFV”).

Hosted on a botnet. One example of overlap with alliance-leicester phishing, according to bfk.de:

online.cdc.gov.yttt4l.org.im	 A 	41.248.217.83
online.cdc.gov.yttt4r.org.im	 A 	41.248.217.83
online.cdc.gov.yttt4l.im	 A 	41.248.217.83
online.cdc.gov.yttt4l.com.im	 A 	41.248.217.83
online.cdc.gov.yttt4r.com.im	 A 	41.248.217.83
www.mybank.alliance-leicester.co.uk.iksadh.co.im	 A 	41.248.217.83
online.cdc.gov.yttt4l.co.im	 A 	41.248.217.83
online.cdc.gov.yttt4r.co.im	 A 	41.248.217.83
online.cdc.gov.yttt4r.im	 A 	41.248.217.83
online.cdc.gov.yttt4l.net.im	 A 	41.248.217.83
online.cdc.gov.yttt4r.net.im	 A 	41.248.217.83

Phishtank has seen IRS phishing today:
http://www.phishtank.com/phish_detail.php?phish_id=875991
(http://www.irs.gov.yttt4l.co.im/fraud_application/directory/statement.php)

There are several other “overlaps” as well; ally is another example.
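The hostnames above all put a trusted domain (cdc.gov, irs.gov, alliance-leicester.co.uk) in front of an unrelated registered domain, and several brands share one IP. The following is an added example, not part of the original post, of how a defender could flag both properties in passive-DNS data; the function names, the PROTECTED list and the benign sample row are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumption: a defender-maintained list of domains worth protecting.
PROTECTED = ("cdc.gov", "irs.gov", "alliance-leicester.co.uk")

# Passive-DNS rows taken from the post, plus one constructed benign row
# (192.0.2.10 is a documentation address, not a real CDC server).
RECORDS = """\
online.cdc.gov.yttt4l.co.im A 41.248.217.83
online.cdc.gov.yttt4r.org.im A 41.248.217.83
www.mybank.alliance-leicester.co.uk.iksadh.co.im A 41.248.217.83
www.cdc.gov A 192.0.2.10
"""

def embedded_brand(host):
    """Return the protected domain that appears inside `host` as whole
    labels without being its actual suffix, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    for brand in PROTECTED:
        b = brand.split(".")
        if labels[-len(b):] == b:
            continue  # host really is under this brand's domain
        # Slide over every position except the tail (the real suffix).
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return brand
    return None

def shared_hosting(records):
    """Map each IP to the set of brands impersonated by names resolving to it."""
    by_ip = defaultdict(set)
    for line in records.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "A":
            continue  # skip malformed rows and non-A records
        brand = embedded_brand(parts[0])
        if brand:
            by_ip[parts[2]].add(brand)
    return dict(by_ip)

def multi_brand_ips(records):
    """IPs serving lookalike names for more than one brand (campaign overlap)."""
    return {ip: sorted(b) for ip, b in shared_hosting(records).items() if len(b) > 1}

if __name__ == "__main__":
    for ip, brands in multi_brand_ips(RECORDS).items():
        print(ip, "impersonates", ", ".join(brands))
```

Matching on whole labels rather than substrings keeps a name such as notcdc.gov.example from being reported as a cdc.gov lookalike.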

See also the InboxRevenge Forum:
http://ksforum.inboxrevenge.com/viewtopic.php?f=13&t=3433
