Cybercriminals using Ebola outbreak to spread malware: Symantec
As the lethal Ebola outbreak continues to ravage West Africa, cybercriminals are exploiting fear of the epidemic to spread malware.
According to a blog post by security solutions provider Symantec, cybercriminals are "using the latest headlines to bait victims."
"Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme," revealed the company on Aug. 15.
Symantec sheds light on the three different methods by which the cybercriminals are getting people to install viruses on their devices. These viruses can assist in stealing sensitive data and passwords.
The first method deployed by the cybercriminals involves sending out an email that has a phony report on Ebola attached to it. The fake report is meant to lure victims, and downloading the attachment will result in the computer getting infected with the Trojan.Zbot malware.
The second method also involves sending out an email to the victims. However, this email imitates a telecom provider in the UAE - Etisalat - and has a supposed "high-level presentation" pertaining to the Ebola virus attached as a zip file. Opening the file entitled "EBOLA - ETISALAT PRESENTATION.pdf.zip" will result in the computer being infected by Trojan.Blueso.
This malware infects a user's Web browser with W32.Spyrat. Once the computer is infected, the hacker can delete files and folders on the victim's computer, log keystrokes, download/upload files, open Web pages, record from the webcam, capture screenshots and even get details on the installed apps, the computer and the OS.
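The attachment name in the second campaign, "EBOLA - ETISALAT PRESENTATION.pdf.zip", puts a document extension in front of an archive extension. The following is an added example, not code from Symantec or from this article, showing how a mail filter could flag that naming pattern; the extension lists and the sample messages are assumptions constructed for illustration, and the check looks only at file names, not at attachment contents.

```python
from email.message import EmailMessage

# Assumed policy lists (not from the article): extensions a reader takes for a
# harmless document, and archive/executable extensions that can carry code.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}
CARRIER_EXTS = {"zip", "rar", "7z", "exe", "scr", "js", "vbs", "iso"}


def deceptive_double_extension(filename):
    """True when the name ends in <document ext>.<carrier ext>, e.g. x.pdf.zip."""
    # Strip each piece so padding such as "report.pdf .exe" is still caught.
    parts = [p.strip() for p in filename.lower().split(".")]
    return (len(parts) >= 3
            and parts[-2] in DOCUMENT_EXTS
            and parts[-1] in CARRIER_EXTS)


def flag_attachments(msg):
    """Return the attachment file names in an EmailMessage that match the pattern."""
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and deceptive_double_extension(name):
            flagged.append(name)
    return flagged


def build_sample(filename):
    """Build a constructed test message carrying one placeholder attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample message"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for name in ("EBOLA - ETISALAT PRESENTATION.pdf.zip", "minutes.docx"):
        print(name, "->", flag_attachments(build_sample(name)))
```
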
The third method or campaign used by the attackers is quite sneaky as well and builds on the news that the experimental ZMapp drug can cure Ebola. In a bid to lure the victims, the attackers email them claiming that "Ebola virus has been cured" and "the news should be shared widely." This email too is accompanied by an attachment, namely the malware Backdoor.Breut.
As if these phishing and malware campaigns were not enough, the attackers are even using renowned publication CNN's name to make the emails seem authentic. This ploy uses a brief story line and includes supposedly authentic links to an "untold story" which the user needs to click. The email also claims to provide a list of the "targets" areas and tips on guarding against the disease.
In the event the user clicks on the links given in the email, he/she is directed to a page where they need to select an email provider. This Web page has been created by the hackers, and keying in your email details and password will result in the information being sent to the attackers. After this, the victim is redirected to the authentic CNN home page.
Symantec cautions users and advises them to "guard for unsolicited, unexpected, or suspicious emails." If a user is unsure about the authenticity of an email, it is advisable not to respond and to refrain from clicking on links or downloading attachments included in the message.