With panic setting in over the spread of the Ebola virus, online scammers are attempting to take advantage by spreading malware through fake official emails.
According to a report from online security firm Trustwave, hackers have been launching attacks through Ebola-themed emails for the past few months. The emails have provocative subject lines that bait people into clicking. The messages have titles such "EBOLA Outbreak - FEMA Storing 250,000 Plastic Coffins" and "First GMO foods, now Ebola. What Obama doesn't want you to know."
"Unsurprisingly, cybercriminals continue to piggyback on newsworthy and major events, disasters and outbreaks to lure potential victims and spread their malware," Trustwave's SpiderLabs team wrote in a blog post. "Ebola is just another convenient theme for the bad guys to latch onto."
The SpiderLabs team, which is made up of ethical hackers, said that the virus can enable attackers to steal passwords and take control of a computer's webcam and microphone remotely. In its report, SpiderLabs presented two samples of the Ebola emails. The first one, which had the subject line "Ebola Safety Tips-By WHO," comes complete with the World Health Organization logo. The message contains malware disguised as a document file that contains safety tips against contracting Ebola. The "document" is actually an executable file that runs a DarkComet Remote Access Trojan (RAT). When triggered, the Trojan can run even if the computer has antivirus software.
The other type of spam email that the team found was a fake Ebola advisory from the Mexican government. The message, which is in Spanish, entices people to enable a feature in Microsoft Word that would allow the content to load. When victims comply, a malware would be downloaded from a remote server.
Not all Ebola-themed emails are designed to spread malware. Some are more annoying than harmful. According to the SpiderLabs team, the number of unsolicited emails with links to pharmaceutical websites, ads and gaming forums rose during this month.
Earlier this week, the United States Computer Emergency Readiness Team (US-CERT) released an advisory that warned against email scams that mention Ebola. The agency, which is a division of the Department of Homeland Security, advised against clicking on links and attachment in emails and urged people to update their anti-virus software.