Cancer scare hoax email hits thousands

Sick message could plant virus on computer instead

Hacking

Thousands of email users have been sent a hoax message telling them they have cancer, the National Institute for Health and Care Excellence (NICE) has warned. The email marks a new low in spammers' tactics.

The email with the header "important blood analysis result", tells people that NICE has been sent a sample of their blood for further research.

The health watchdog said the contents of the email are likely to be distressing and have reported the incident to the police. Since the outbreak of the email hoax, NICE has been deluged by calls from worried individuals over the email.

The scam email, with the subject line "Important blood analysis result" tells recipients that NICE has been sent a sample of the recipient's blood for analysis.

"During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer," the sick message reads.

The message then asks the user to open an attachment claiming to be the test results. However, asking users to download and open attachments is a common way for for cybercriminals to plant viruses and malware on a victim's computer.

Sir Andrew Dillon, NICE Chief Executive: "A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results.

"This email is likely to cause distress to recipients since it advises that test results' indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police."

NICE advised people who receive the email to immediately delete it without opening in and not to click on any links within the email either.

UPDATE: Email verified as containing Zeus malware

An IT security firm had confirmed that the scam email purporting to be from Nice actually harbours the Zeus malware.

Fred Touchette, senior security analyst for AppRiver said that the attachment is a malicious zip file.

"If the attachment is unzipped and executed the user may see a quick error window pop up and then disappear on their screen," said Touchette.

"What they won't see is the downloader then taking control of their PC. It immediately begins checking to see if it is being analysed, by making long sleep calls, and checking to see if it is running virtually or in a debugger."

Touchette said that the malware also makes several duplicate instances of itself just in case someone was attempting to shut down the original process.

"Next it begins to steal browser cookies and MS Outlook passwords from the system registry. The malware in turn posts this data to a server at 69.76.179.74 with the command /ppp/ta.php, and punches a hole in the firewall to listen for further commands on UDP ports 7263 and 4400."

He added that this is all very common behaviour for the Zeus family of malware which is still very common in today's attacks. 

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021