Cybercriminals using Ebola as bait to infect PCs, says Syamntec

The Symantec security blog has reported a series of malware and phishing operations cashing in on Ebola concerns. Since the outbreak of the actual virus in December 2013 and increasing media fervor in the past couple of months, the Ebola virus has attracted worldwide attention.

The World Health Organization (WHO) has declared it an international health emergency as more than 1,000 people have died of the infection in Guinea, Liberia, Sierra Leone and Nigeria this year. Symantec said it has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

"News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims," it said in a statement.

There are no vaccines, though some are being tested, along with new drug therapies. The WHO, in August, ruled that untested drugs can be used to treat patients in light of the scale of the current outbreak.

Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims and what users actually get is an infection of the Trojan.Zbot malware.

In the second campaign, cybercriminals send out an email that impersonates a major telecommunications services provider and claims to offer a high-level presentation on the Ebola virus. An attached zip file with a title like "EBOLA – PRESENTATION.pdf.zip" actually executes Trojan.Blueso on the victim's computer.

Interestingly, the executed Trojan is not the final payload. The malware is also crafted to inject W32.Spyrat into the victim’s Web browser and allows attackers to perform the following actions:

• Log key strokes
• Record from the Web cam
• Capture screenshots
• Create processes
• Open Web pages
• Enumerate files and folders
• Delete files and folders
• Download and upload files
• Gather details on installed applications, the computer, and OS
• Uninstall itself

The third campaign piggybacks on some fresh Ebola news. In the last two weeks there has been talk of Zmapp, a promising Ebola drug still in an experimental stage. The crooks entice their victims with an email claiming the Ebola virus has been cured and the news should be shared widely. The email attachment is Backdoor.Breutmalware.

"Symantec advises all users to be on guard for unsolicited, unexpected, or suspicious emails. If you are not sure of the email's legitimacy, then do not respond to it, and avoid clicking on links in the message or opening attachments," Symantec said.