Cybercriminals Tell Users They Might Have Cancer to Trick Them into Installing Malware

The emails purport to come from the National Institute for Health and Care Excellence

By Eduard Kovacs on March 13th, 2014 11:54 GMT

Cybercriminals have hit a new low. They’re telling users they might have cancer just to trick them into installing a piece of malware on their computers.

The emails are being distributed as part of a spam campaign that leverages the reputation of the United Kingdom’s National Institute for Health and Care Excellence (NICE). The malicious notifications carry the subject line “IMPORTANT: blood analysis results” and they purport to come from no_reply@nice.org.uk.

The malicious emails read something like this:

“We have been sent a sample of your blood analysis for further research. During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer.

We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible.”

The file that’s attached to the emails is not a CBC test result, but an archive (CBC_result_46EA57E17F), which contains what appears to be a harmless PDF document. In reality, it’s a double extension file (CBC_scaned_584444449.pdf.exe).

At the time of writing, 14 of the 50 antivirus engines on Virus Total detect the archive as being malicious.

VirusTotal detection for malicious file
VirusTotal detection for malicious file
Only 3 antivirus engines recognize the executable file as a threat.

VirusTotal detection for malicious file
VirusTotal detection for malicious file
ESET experts have told Softpedia that the malware is actually a variant of the Win32/PSW.Fareit.A Trojan. The threat is designed to steal passwords and other sensitive information from infected computers.

The emails are well designed and recipients, particularly someone who has recently done some blood tests, could rush to open the attachment without giving it too much thought.

NICE is aware of the spam run. The organization has published the following warning on its website:

“NICE is aware that a spam email is being sent to members of the public regarding cancer test results. Please be assured that this email is not from NICE and we are currently investigating its origin. If you have received the email, do not open the attachments.”

Judging by the tweets posted by NICE over the past hours, a lot of people are getting these emails.

In case you’ve already opened the attachment and your antivirus hasn’t detected the malware, update your security product and run a full computer scan. In case the threat hasn’t been detected, security companies will probably update their virus definition databases in the following hours.

Hat tip to Amy Stevens (Senior PR consultant at Davies Murphy Group) for bringing this to our attention.
Fake NICE emails spread malware
3 photos
   Fake NICE emails spread malware

Photo Gallery (3 Images)

Gallery Image
01
Gallery Image
02
Gallery Image
03
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments