Security firm: Cybercriminals take advantage of swine flu noise

By Enterprise Innovation Editors | Aug 17, 2009
Cybercriminals are once again taking advantage of a worldwide news event to seed their Trojans, said Guillaume Lovet, senior manager, threat response team, EMEA, Fortinet Technologies. This has happened with every single major news story since at least 2005, ranging from Hurricane Katrina to Barack Obama's election, along with the bird flu alerts of 2006.

The social engineering trick is reportedly used not only in pure executable Trojan distribution campaigns (a la "click me"), but also in search engine optimization attacks (aka SEO attacks). In those, cybercriminals register domains related to the news event and "game" the search engines' site-ranking algorithms so that their domains are displayed among the first results when users search for information on the event. Those domains may be loaded with browser exploits that attempt to silently push Trojans onto visitors' systems, or may be purely opportunistic sites asking for donations or selling "advice".

In the specific case of swine flu, Fortinet noted the distribution of malicious PDF files, which fits a trend that has persisted for over a year: cybercriminals "bet" on the fact that people, after being fed so many "do not click on untrusted executable files" user education campaigns, will not be wary of documents (which are, by nature, not executable).

“This has happened in the past, and will happen in the future: we must get used to the fact that all significant news events, including natural or health catastrophes, will spawn their lot of malware and profiteers,” Lovet said, adding that good practice (up-to-date antivirus definitions and patched software) helps make one immune to a great part of those: “For instance, the swine flu malicious PDF mentioned will be absolutely innocuous provided your PDF-reading software is up-to-date: Adobe did release a patch for the targeted flaw in March.”
 
