Emails Promising Ebola Virus Information Deliver Malware

Media Division | October 24, 2014

Cyber criminals have been doing a good job at utilizing major events and outbreaks to cause panic and lure email users into clicking malicious attachments infected with malware. Facebook users were the victims of missing Malaysian airline MH370 information that was used to spread malware.

A similar campaign has been highlighted by Trustwave’s security researchers. Hackers are using information about the Ebola virus that has killed 4,881 people in West Africa as of today to craft emails that encourage victims to open an attachment to discover breakthrough information about the virus and new prevention tips. The emails are purported to be from the WHO (World Health Organization).

However, the attachment carries malware and once opened will infect the victim’s PC. The malware has been said to be a RAT (remote access Trojan) named DarkComet: it gives criminals carrying out the campaign control over the victim’s machine after installation and can be used to steal passwords, turn on the microphone to record conversations and even shut down or lock the PC remotely.

Scale of the attack

Other similar malware-carrying email campaigns have targeted millions of victims at a single time, but this one seems more segmented as it has been sent to a few hundred organizations.

With such a low volume of sent emails, the goal of the hackers may have been to target organizations who may be dealing with the Ebolaoutbreak, and would therefore be more interested in new information and clicking on the link.

“It suggests a low volume campaign in an attempt to infect random users in the hope of gaining some data that can be used or sold,” Trustwave stated.

The emails include some of the following subject lines: ‘Ebola virus outbreak: Curing Breakthrough Revealed?’ ‘What you need to know about the deadly Ebola virus’ ‘Ebola Outbreak Now WORSE Than We’re Being Told’

Along with the spam campaign, there is also other information – fake news about the deadly virus is spreading via social networks, where people are being tricked into clicking links like one claiming outbreaks of the disease among children in a US institute.

There is also an uptick in stories from sites like the National Report, which have been accused for making money by tricking users into spreading fake stories about the Ebola outbreak.

Hoax-Slayer has made a list current Ebola-related hoaxes to watch out for, including one claiming that a number of iPhone 6 handsets have been contaminated with Ebola during manufacturing and are helping the virus to spread.

“Sharing false information about Ebola is both dangerous and irresponsible,” he stated, and added that “criminals are also getting in on the act by peddling useless Ebola remedies and using Ebola as a cover story for advance fee scams.”

Best practices to protect yourself against Ebola email malware

Ignore emails claiming to provide Ebola information: Instead of opening these emails and opening the attachments inside them, do your own research about the Ebola virus in newspapers and Google.

Update your antivirus: Install an advanced antivirus software and make sure to enable a background check so it has a good chance of detecting malicious files downloaded in the background.

Follow basic security practices: Give consideration to the attachments inside the email, and take out a few minutes to read the entire message. Large corporations can take advantage of phishing solutions to avoid being infiltrated with malware.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.