Swine flu e-mail in Spanish links to data-stealing Trojan

Security firm SonicWall says a new swine flu-related e-mail in Spanish includes a link to a Trojan that is designed to steal log-in data if the user tries to access certain Mexican bank Web sites.

Elinor Mills Former Staff Writer

An e-mail referencing a vaccine for swine flu is circulating that includes a link to a malicious file on a Mexican Web site that is designed to steal bank log-in information, security firm SonicWall said on Friday.

The e-mail, which is in Spanish, has a link to the Qhost.NJI Trojan on a Web site that appears to be legitimate but has probably been hacked, said Nick Bilogorskiy, manager of antivirus research at SonicWall.

The Trojan, an executable file coded in Visual Basic, changes the hosts file on Windows computers so that if the computer is used to visit certain domains of Mexican banks, the PC is redirected to itself without the user knowing it, and the Trojan steals any log-in data that is typed, Bilogorskiy said.
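A defensive check for the hosts-file change described above, added here as an example that is not from SonicWall or the original article: it parses hosts-file text and flags any static entry for a watched banking domain, plus any other name pointed at a loopback or unspecified address. The bank names, watch list and sample file are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file; the bank names are hypothetical placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.banco-uno.example banco-uno.example   # added entry
10.20.30.40     intranet.corp.example
127.0.0.1\tsecure.banco-dos.example
0.0.0.0         ads.tracker.example
"""

WATCHED_SUFFIXES = ("banco-uno.example", "banco-dos.example")  # assumed watch list
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IP address
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (severity, line_no, hostname, ip) tuples worth investigating."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        if any(name == s or name.endswith("." + s) for s in watched):
            severity = "HIGH"    # a watched domain should never be pinned locally
        elif ip.is_loopback or ip.is_unspecified:
            severity = "REVIEW"  # may be an ad-blocking entry or tampering
        else:
            continue
        findings.append((severity, line_no, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`.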

Earlier in the week, Symantec said a malicious PDF had been discovered that masqueraded as a frequently-asked-questions document related to the outbreak. Security firms have also reported numerous spam messages using swine flu-related subject lines to lure people to pharmaceutical sites.

One of the latest outbreak-related phishing attempts includes a link to a data-stealing Trojan. (Credit: SonicWall)

This is the main page of the site that the malware is on, but SonicWall says the site is legitimate and was probably hacked. (Credit: SonicWall)