IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Fake WHO email about Ebola spreads malware

Advice email from “World Health Organization” harbours its own virus

Click here for malware

An IT security company has uncovered a malware-laden email that claims to come from the World Health Organisation that is designed to prey on fears over the Ebola virus.

According to researchers at Trustwave, the malware threat disguises itself in an email from the World Health Organization (WHO), complete with an attached file.

The message reads that it has information on how to prevent the Ebola spread in the file. However, the file is in fact an executable that installs the DarkComet Remote Access Trojan (RAT).

The Trojan makes use of its heavily obfuscated script to run undetected by antivirus software. This then creates a randomly named folder in the Windows Application Data drive and copies all of its component files into that folder. 

As well as keylogging, the Trojan can capture webcam images and sounds. It can remotely access the desktop as well as uploading and executing other files.

The malware also gathers system information, modifies system host files, executes shell commands, steals passwords and torrent files, lists processes and runs remote scripts. 

The Trojan then sends all this information to a remote server. At present, researchers said they have only seen one sample from the campaign so far.

"At this time we don't have reason to believe it is a widespread campaign. The address it was sent to was an old honeypot address, so it's not exactly targeted either," the researchers said in a blog post.

"These facts taken together suggest a low volume campaign (sent to whatever address list the spammer is using) in an attempt to infect random users in the hope of gaining some data that can be used or sold."

The firm said another campaign pretended to be from the Mexican Government with an advisory of the Ebola situation in Mexico. Trustwave said just last week the United States Computer Readiness Team (US-CERT) published an advisory warning users of scams and spam campaigns using the Ebola virus as a social engineering theme.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
What is a Trojan?
Security

What is a Trojan?

27 Aug 2021

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022