UAB Computer Forensics Finds New Virus Disguised as Social Security Administration Download

A new spam campaign using false e-mails made to look like messages from the Social Security Administration is capable of stealing Social Security numbers and downloading malware onto victims’ home computers, says Gary Warner, director of computer forensics at the University of Alabama at Birmingham (UAB).

November 23, 2009

• Spam mimics Social Security Administration messages

• Spam downloads contain viruses

• Viruses can steal passwords and other personal information

BIRMINGHAM, Ala. - A new spam campaign using false e-mails made to look like messages from the Social Security Administration is capable of stealing Social Security numbers and downloading malware onto victims' home computers, says Gary Warner, director of computer forensics at the University of Alabama at Birmingham (UAB).

The campaign was discovered Nov. 23 by Warner and his team in the UAB Spam Data Mine.

"In this continued difficult economy, these cyber criminals are now preying on victims' concerns over money, promising Social Security payouts and tax breaks to victims that sign in to the criminals' fake Social Security Web pages," Warner says.

The spam messages tell users that there are errors with their Social Security statement then asks them to link to false pages made to look like the Social Security Administration Web site. Warner says the false pages ask users to enter their Social Security numbers before prompting them to download their fake statement.

"The reality is that the download is actually a virus capable of stealing personal information, including bank passwords, from home computers," Warner says. "So once you have completed the login and download, the cyber criminals not only have your Social Security number, they also have infected your computer with serious malware that enables them to steal information and raid your bank and other accounts."

Warner says the UAB Spam Data Mine uncovered the new Social Security scam during its daily routine searchers for the top spam campaigns, which are conducted every 15 minutes due to the high volume of spam arriving in the data mine's inboxes each day.

"This morning (Nov. 23) over the course of just two search periods, or just one half hour, we went from zero instances of the Social Security spam to uncovering some 600 samples of the spam," Warner said. "So we have not only uncovered a very new campaign, but a quick-spreading one as well."

Warner reminds computer users that no legitimate company or agency would ever ask users to update or review records via e-mail, but instead would request they do so only through that company's own Web site. E-mails requesting account updates should not be considered legitimate, Warner says.

Learn more about the Social Security spam campaign and how the UAB Spam Data Mine was able to uncover it by clicking here to link to Warner's blog Cyber Crime and Doing Time.

About UAB

UAB Computer Forensics Research is on the front lines of cyber crime and takes a three-part approach in its response to the problem: academic training to prepare the next generation cyber-crime investigators, increased public awareness of cyber crime and research to develop cutting-edge options for battling cyber criminals.