Ebola: Used as bait for malware infection

The Ebola virus outbreak in West Africa has been all over the news media worldwide, and cybercriminals are once again using the latest headlines to lure their victims. Symantec has identified three malware campaigns and one phishing campaign that use the Ebola virus as a theme.

Malware and Phishing campaigns

The first campaign is pretty simple. Attackers send an email containing a false reference to the Ebola virus to lure victims; what the users actually receive is an infection with the Trojan.Zbot malware.

In the second campaign, cybercriminals send emails impersonating Etisalat, a telecommunications service provider in the United Arab Emirates with a presence in 18 countries across the Middle East, Asia and Africa. The attached zip file, titled “Ebola - ETISALATPRESENTATION.pdf.zip”, actually contains Trojan.Blueso, which infects the victim's computer.

Figure 1. Ebola-themed email delivering Trojan.Blueso

Interestingly, the Trojan that runs is not the final payload. The malware is also built to inject W32.Spyrat into the victim's web browser, which allows attackers to perform the following actions:

  •  Log keystrokes
  •  Record from the webcam
  •  Capture screenshots
  •  Create processes
  •  Open web pages
  •  List files and folders
  •  Delete files and folders
  •  Download and upload files
  •  Gather information about installed applications, the computer and the operating system
  •  Uninstall itself

The third campaign plays on more recent news about the Ebola virus. Over the last two weeks there has been much discussion of Zmapp, a promising drug for the Ebola virus that is still at an experimental stage. Attackers deceive their victims with an email claiming that the Ebola virus has been cured and that the news should be spread widely. Attached to the email is Backdoor.Breut.

Figure 2. Malicious email lures users by claiming that the Ebola virus has been cured

Finally, there is one phishing campaign, which impersonates the CNN website and claims to carry important news about the Ebola virus (it also contains news on terrorism). A summary is included, along with links to the full story. The email also promises to suggest precautionary measures, as well as a list of areas that have been "targeted" by the disease.

Figure 3. The phishing campaign uses CNN as bait.

If the user clicks on the links in the email, they are taken to a web page where they are asked to select their email provider and then enter their login credentials. Once the user does so, the email login credentials are automatically sent to the phishers. The victim is then redirected to the CNN home page.

Figure 4. Phishers steal login information through forged login pages.

Symantec advises all users to be on the lookout for unsolicited or suspicious emails. If you are not sure about the legitimacy of an email, do not respond to it, and avoid clicking on links in the message or opening attached files.
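The attachment name in the second campaign ends in `.pdf.zip`, a document extension followed by an archive extension. As an added example (not from Symantec or the original article), the Python check below flags such names in a raw email and looks inside zip attachments for executable members; the extension lists, the inner file name and the sample message are constructed assumptions.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed extension lists for this example; tune them for your environment.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "js", "vbs", "bat", "cmd"}
WRAP_EXTS = EXEC_EXTS | {"zip", "rar", "7z"}

def ext_chain(name):
    """'Report.pdf.zip ' -> ['pdf', 'zip'] (lower-cased, whitespace trimmed)."""
    return name.strip().lower().split(".")[1:]

def masquerades(name):
    """True when a document extension is followed by an archive/executable one."""
    exts = ext_chain(name)
    return len(exts) >= 2 and exts[-2] in DOC_EXTS and exts[-1] in WRAP_EXTS

def scan_message(raw):
    """Return (reason, filename) findings for every attachment in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if masquerades(name):
            findings.append(("double-extension", name))
        if ext_chain(name)[-1:] == ["zip"]:
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    findings += [("executable-in-archive", m) for m in zf.namelist()
                                 if ext_chain(m)[-1:] and ext_chain(m)[-1] in EXEC_EXTS]
            except zipfile.BadZipFile:
                findings.append(("unreadable-archive", name))
    return findings

def build_sample():
    """Constructed message; the archive holds a harmless text placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("presentation.pdf.exe", b"harmless placeholder")  # assumed name
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Ebola", "a@example.com", "b@example.com"
    msg.set_content("Please see the attached presentation.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Ebola - ETISALATPRESENTATION.pdf.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding for the attachment name and one for the executable member inside the archive.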

Symantec customers who use the Symantec.Cloud service are protected from the spam messages used to deliver malware. For the best possible protection, Symantec customers should make sure they use the latest protection technologies provided by Symantec, which are built into its consumer and business solutions.

Written by Dimitris
