Posted by : Unknown
Monday, 1 September 2014
News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.
Malware and Phishing Campaigns

The first campaign is fairly simple: attackers send out an email with a fake report on the Ebola virus to entice victims, and what users actually get is an infection of the Trojan.Zbot malware.
In the second campaign, cybercriminals send out an email that impersonates a major telecommunications services provider and claims to offer a high-level presentation on the Ebola virus. An attached zip file with a title like “EBOLA – PRESENTATION.pdf.zip” actually
Interestingly, the executed Trojan is not the final payload. The malware is also crafted to inject W32.Spyrat into the victim’s web browser, which allows attackers to log keystrokes, record from the webcam, capture screenshots, create processes, open web pages, enumerate files and folders, delete files and folders, download and upload files, gather details on installed applications, the computer, and the operating system, and uninstall the malware itself.
The third campaign piggybacks on some fresh Ebola news. In the last two weeks there has been talk of Zmapp, a promising Ebola drug still in an experimental stage. The crooks entice their victims with an email claiming the Ebola virus has been cured and the news should be shared widely. The email attachment is Backdoor.Breut malware.

Another is a phishing campaign that impersonates CNN with breaking Ebola news (with some terrorism thrown in). It gives a brief story outline and includes links to an “untold story.” The email also promises “How-to” precaution information and a list of “targeted” regions. If users click on the links in the email, they are sent to a web page, asked to select an email provider, and asked to input their login credentials. If they do so, their email login credentials are sent directly to the phishers. The victim is redirected to the real CNN home page.
Symantec advises all users to be on guard for unsolicited, unexpected, or suspicious emails. If you are not sure of the email’s legitimacy then don’t respond to it, and avoid clicking on links in the message or opening attachments.
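A mail-gateway style check for attachment names like the one in the second campaign, where a document extension is followed by an archive or executable extension. This is an added example, not part of the original article; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists: extensions a reader expects to be a harmless document...
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}
# ...and final extensions that deliver an archive or directly runnable content.
CARRIER_EXTS = {"zip", "rar", "7z", "exe", "scr", "com", "pif", "js", "vbs"}

def deceptive_double_extension(filename):
    """True when the name ends in <document ext>.<carrier ext>, e.g. '.pdf.zip'."""
    parts = filename.strip().lower().rsplit(".", 2)
    return (len(parts) == 3
            and parts[1].strip() in DOC_EXTS
            and parts[2].strip() in CARRIER_EXTS)

def flag_attachments(raw_message):
    """Parse a raw RFC 5322 message and return the suspicious attachment names."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():             # walk() also reaches nested multiparts
        name = part.get_filename()      # decodes RFC 2231 / non-ASCII names
        if name and deceptive_double_extension(name):
            flagged.append(name)
    return flagged

def build_sample():
    """Constructed sample message; the attachment bytes are inert placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Ebola presentation"
    m.set_content("Please see the attached presentation.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename="EBOLA \u2013 PRESENTATION.pdf.zip")
    m.add_attachment(b"%PDF-1.4", maintype="application",
                     subtype="pdf", filename="agenda.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name in flag_attachments(build_sample()):
        print("quarantine:", name)
```

A name-based check only catches this naming pattern; it says nothing about what the archive contains, so it complements content scanning rather than replacing it.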
- See more at: http://www.channelworld.in/news/ebola-fear-used-bait-leads-malware-infection-514062014#sthash.dIZnWG56.dpuf
- Ebola Fear Used as Bait, Leads to Malware Infection