The US-CERT released an alert yesterday about a currently circulating malware threat with the H1N1 virus as the subject matter.
US-CERT is aware of public reports of a malware campaign circulating. This campaign is circulating via email messages offering information regarding the H1N1 vaccination. This email messages contain a link to a bogus Centers for Disease Control and Prevention website. Users who click on this link may become infected with malware. Public reports indicate that these email messages are noted as having subject lines such as: “Governmental registration program on the H1N1 vaccination” and “Your personal vaccination profile.” Please note that subject lines may change at any time.
US-CERT encourages users to take the following precautions to help mitigate the risks:
- Install antivirus software, and keep the signature files up to date.
- Do not follow unsolicited links and do not open unsolicited email messages.
- Use caution when visiting untrusted websites.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on avoiding social engineering attacks.
The suggestions offered match very well with the topic of my blog posting yesterday 10 Tips: Holiday greeting cards, holiday shopping and computer security awareness. Thanks for reading and let’s continue to be good network citizens! Please feel free to include your thoughts to help out other ITKE readers with reducing threats through keeping users informed about issues like this.