It reaches the computer in an email message related with the H1N1 virus (swine flu) in which users are required to create a personal vaccination profile by accessing a certain website. It is designed to steal confidential information from the computer and the user.

Windows 2003/XP/2000/NT/ME/98/95

Sinowal.WRN is a Trojan which uses the subject of the H1N1 virus (swine flu) as a bait to infect as many users as possible. It reaches the computer in a message about a false vaccination program for this virus.

Sinowal.WRN is designed to steal information from the computer and the user, such as passwords or other confidential data. Then, this information is stored in several files and sent to its creator later.

Sinowal.WRN does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

Sinowal.WRN is easy to recognize, as it reaches the computer in an email message related with the H1N1 virus (swine flu) which has the following characteristics:

• The subject of the message can be one of the following:
  Governmental registration program on the H1N1 vaccination
  State Vaccination H1N1 Program
  Your personal Vaccination Profile
  Create your personal Vaccination Profile
  State Vaccination Program
  Creation of personal Vaccination Profile
  Instructions on creation of your personal Vaccination Profile
• The message informs users of a false vaccination H1N1 program and requires them to create a personal vaccination profile by accessing a certain website. The message includes a link to that website.
• The following is an example of the email message in which Sinowal.WRN is being distributed: