Any time there are major events or breaking news in the world, cyber criminals try to exploit the situation—and Ebola is a prime opportunity. There is so much fear, misinformation, and paranoia going around that users are more willing to forget basic security practices in an effort to “stay informed”. Trustwave has uncovered a malware campaign designed to prey on Ebola fever (pun intended).
Trustwave researchers uncovered one new malware threat that comes disguised as an email from the World Health Organization (WHO), with a compressed file attachment. The message claims that the information and prevention tips in the attached file will help protect you from the Ebola virus. The file attachment is not a document, however—it is an executable that installs the DarkComet Remote Access Trojan (RAT).
The DarkComet RAT includes a vast array of insidious capabilities. It supports keystroke logging, webcam capture, sound capture, and remote desktop, and it can upload and execute additional malicious files, collect system information, modify system host files, execute shell commands, steal passwords and torrent files, list running processes, and run remote scripts. Essentially, it gives the attacker carte blanche control over the compromised PC.
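
The lure described above works because the compressed attachment hides an executable where the recipient expects a document. As an added example (not Trustwave's code), here is a mail-gateway style check that opens each ZIP attachment and flags executable members by file header and extension; the file names, addresses and the harmless two-byte "MZ" stub are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def scan_zip(data):
    """Return (member, reason) findings for one ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                findings.append((info.filename, "encrypted member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == b"MZ":  # DOS/PE header, whatever the name claims
                findings.append((info.filename, "PE/DOS executable header"))
            elif info.filename.lower().endswith(EXEC_EXTS):
                findings.append((info.filename, "executable extension"))
    return findings


def scan_message(raw):
    """Scan every ZIP attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            results += [(part.get_filename(), m, r) for m, r in scan_zip(payload)]
    return results


def build_sample():
    """Constructed sample message: a harmless 'MZ' stub named like a document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ebola prevention tips.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.com"
    msg["Subject"] = "Ebola safety tips"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="tips.zip")
    return msg.as_bytes()
```

Checking the header bytes rather than only the name means a renamed executable is still flagged, and encrypted members are reported because their content cannot be verified.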
There is a lot of FUD (fear, uncertainty, and doubt) being spread about Ebola by legitimate news networks that should know better. Ebola is not something you want to get, but thankfully it’s not that easy to get despite the paranoid hyperbole you see everywhere about it.
The Trustwave blog post ends with this advice: “Just last week the United States Computer Readiness Team (US-CERT) published an advisory warning users of scams and spam campaigns using the Ebola virus as a social engineering theme. We are echoing their recommendation of never clicking unsolicited web links or attachments in email messages, particularly those with an Ebola theme.”
Do yourself (and everyone else) a favor, and just ignore emails that claim to have some magic, breaking news about the dangerous Ebola outbreak. Instead of opening those file attachments, or clicking those links, click these links instead, and take a deep breath. There are much bigger issues to worry about than Ebola: