An e-mail referencing a vaccine for swine flu is circulating that includes a link to a malicious file on a Mexican Web site that is designed to steal bank log-in information, security firm SonicWall said on Friday.
The e-mail, which is in Spanish, has a link to the Qhost.NJI Trojan on a Web site that appears to be legitimate but has probably been hacked, said Nick Bilogorskiy, manager of antivirus research at SonicWall.
The Trojan, an executable file coded in Visual Basic, changes the host file on Windows computers so that if the computer is used to visit certain domains of Mexican banks the PC is redirected to itself without the user knowing it and the Trojan steals any log-in data that is typed, Bilogorskiy said.
, Symantec said a malicious PDF had been discovered that masqueraded as a frequently-asked-questions document related to the outbreak. And there have been numerous reports of spam using swine flu-related subject lines that lure people to pharmaceutical sites, security firms have reported.