Major Increase in Swine Flu Domains

by Albin on May 26th, 2009 in Security Tips.

Since the outbreak of swine flu in Mexico in April, the amount of newly registered domains related to the disease has increased significantly, making hypochondriacs a potential target for villains. Playing on peoples' fear in this way is a classic example of how to perform fraud. In fact, the false propaganda on swine flu domains is comparable with the technique that fake-scanners use.  The sites are created solely to bring feelings of emergency, fear and panic to visitors, and the overall ambition is to make people pay for a product.

The majority of the biggest newspapers are using outstanding headlines to refer to the current swine flu outbreak. Scam site creators read the news, and register/buy a potentially high target domain name. Lavasoft Malware Labs has collected material which helps to prove this theory. We started by looking for domains containing the keyword “swineflu” to find potential threats.

The graph shows a peak of 276 newly registered “swineflu” domains as of 2009-04-27.

The peak occurred a few days after the official news of the first infected victim. After 2009-05-01, there has been a massive decrease. The “bad guys” most likely no longer see this as a big business opportunity as headlines referring to swine flu are declining in the daily news.

It need to be mentioned that several sites we have been looking at have been legitimate and only informational. We also found a number of domains which were suspect and could be classified as scam sites. The suspect sites had one thing in common: visitors were attracted to a purchase site in the same way as fake “VIAGRA” sites rope in victims.

Here is an example of a suspect domain:

The headline clearly targets people who are afraid or believe they might be in a risk zone for swine flu.

This vendor distributes a swine flu survival guide. I wonder how they managed to write and publish this book - in just a few days.

Their last trick is to make people push the big payment button.

The swine flu should, of course, be taken seriously. But, you should always use trustworthy sources when seeking protection or guidelines. Contact hospitals or visit government sites where you can find correct instructions and tips; an excellent example is the World Health Organization’s (WHO) homepage. The sad truth is that ethics and morals are no longer an obstacle for a person who wants to make an easy profit online.

Albin Bodahl

Lavasoft Malware Labs