FYI...
H1N1 SPAM w/virus...
- http://www.f-secure.com/weblog/archives/00001734.html
July 21, 2009 - "We recently saw this malicious file being spread in emails. The name of the file was Novel H1N1 Flu Situation Update.exe and the icon made it look like a Word document file. When the file was opened, it created several new files to the hard drive:
• %windir%\Temp\Novel H1N1 Flu Situation Update.doc
• %windir%\Temp\doc.exe
• %windir%\Temp\make.exe
• %windir%\system32\UsrClassEx.exe
• %windir%\system32\UsrClassEx.exe.reg
The executables contain backdoor functionality, including an elaborate keylogger. And the document file that is dropped gets automatically opened by the malware, causing the user to think he really opened a Word file..."
- http://www.sophos.com/blogs/sophoslabs/v/post/5517
July 22, 2009
(Screenshots available at both URLs above.)