With the Swine Flu pandemic, otherwise known as H1N1 influenza A, still ongoing, it is no surprise that malware creators are exploiting the global panic as another fear tactic to keep infecting computer users with malware. There have been numerous attempts to lead Internet users astray by playing on their fears regarding the sickness.
Now there is yet another piece of malware directly exploiting the current medical media buzz. Searching the Internet for information on the influenza strain in question will undoubtedly lead you to a file called "Novel H1N1 Flu Situation Update". Opening this file will reveal a Word document plastered with basic data and diagrams discussing the Swine Flu pandemic.
Unfortunately, while you are busy reading through the information supplied in this Word document, an electronic infection is spreading through your computer system. The file that you opened is actually a self-extracting zip file. Not only does the zip file drop "Novel H1N1 Flu Situation Update.doc", it also drops two more files in the same location: the executable UsrClassEx.exe and the registry file UsrClassEx.exe.reg.
The registry file is executed to tell your computer to run UsrClassEx.exe every time Windows starts up, because this file is a password-stealing Trojan, currently classified as Troj/Agent-KPU. Not only does this nasty little virus crack password security, even on passwords you may have thought were safe and encrypted, it also serves as a keylogger, monitoring and recording every key you press. It compiles information on web-surfing activities, searches performed, usernames and passwords for various accounts and, most importantly, personal and financial information.
Once this file has gathered all the relevant data and stored it in a file called kklog, the data is periodically uploaded to a malicious web site. If you are truly interested in learning more about the current situation of the Swine Flu pandemic, you should pay a visit to the official CDC site, which appears to be where the information in the "Novel H1N1 Flu Situation Update" Word document was originally stolen from.
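The startup persistence described above, where a dropped registry file makes UsrClassEx.exe run at every Windows start, can be checked for by parsing a .reg file and listing the string values it would write under an autostart key. This is an added example, not code from the original article; the article does not name the registry key, so the standard Run and RunOnce keys are assumed, and the sample .reg content, value names and paths are constructed.

```python
import re

# Assumption: the article names no key; these are the standard autostart keys.
AUTOSTART_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
PAGE_FILENAMES = ("usrclassex.exe",)  # file name reported in the article

SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample; value names and paths are invented for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"UsrClassEx"="C:\\Users\\example\\Desktop\\UsrClassEx.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\UsrClassEx.exe"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and "

def find_autostart_entries(reg_text):
    """Return (key, value name, data, matches_article_file) for each string
    value the .reg text would write under an autostart key."""
    findings, key, deleting = [], None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:  # "[-KEY]" deletes a key instead of writing to it
            deleting, key = section.group(1) == "-", section.group(2)
            continue
        value = VALUE.match(line)
        if not value or key is None or deleting:
            continue
        if not key.lower().endswith(AUTOSTART_KEYS):
            continue
        name, data = value.groups()
        if len(data) < 2 or not (data[0] == data[-1] == '"'):
            continue  # skip deletions ("-") and non-string types (dword:, hex:)
        name = "(Default)" if name == "@" else unescape(name[1:-1])
        data = unescape(data[1:-1])
        hit = any(f in data.lower() for f in PAGE_FILENAMES)
        findings.append((key, name, data, hit))
    return findings
```

Calling `find_autostart_entries(SAMPLE_REG)` returns both Run-key entries and marks only the one whose data points at UsrClassEx.exe.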