Fake WHO email about Ebola spreads malware

Advice email from “World Health Organization” harbours its own virus

Click here for malware

An IT security company has uncovered a malware-laden email that claims to come from the World Health Organisation that is designed to prey on fears over the Ebola virus.

According to researchers at Trustwave, the malware threat disguises itself in an email from the World Health Organization (WHO), complete with an attached file.

Advertisement - Article continues below

The message reads that it has information on how to prevent the Ebola spread in the file. However, the file is in fact an executable that installs the DarkComet Remote Access Trojan (RAT).

The Trojan makes use of its heavily obfuscated script to run undetected by antivirus software. This then creates a randomly named folder in the Windows Application Data drive and copies all of its component files into that folder. 

As well as keylogging, the Trojan can capture webcam images and sounds. It can remotely access the desktop as well as uploading and executing other files.

The malware also gathers system information, modifies system host files, executes shell commands, steals passwords and torrent files, lists processes and runs remote scripts. 

The Trojan then sends all this information to a remote server. At present, researchers said they have only seen one sample from the campaign so far.

Advertisement
Advertisement - Article continues below

"At this time we don't have reason to believe it is a widespread campaign. The address it was sent to was an old honeypot address, so it's not exactly targeted either," the researchers said in a blog post.

Advertisement - Article continues below

"These facts taken together suggest a low volume campaign (sent to whatever address list the spammer is using) in an attempt to infect random users in the hope of gaining some data that can be used or sold."

The firm said another campaign pretended to be from the Mexican Government with an advisory of the Ebola situation in Mexico. Trustwave said just last week the United States Computer Readiness Team (US-CERT) published an advisory warning users of scams and spam campaigns using the Ebola virus as a social engineering theme.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/30081/what-is-a-trojan-virus
Security

What is a Trojan?

24 Apr 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020