Researchers discover four campaigns trying to compromise user computers

Aug 18, 2014 10:42 GMT

Security researchers have identified multiple malicious campaigns leveraging mostly fake news or reports about the Ebola virus, in order to deliver malware or steer users to phishing websites.

A phishing operation caught by researchers from Symantec impersonates a communication from CNN containing breaking news about the virus, luring the potential victim into clicking a link that promises access to additional, not yet disclosed details.

The experts have analyzed the email delivering the malicious link and determined that the crooks are after the log-in details for major webmail providers.

“If the user clicks on the links in the email they are sent to a Web page, asked to select an email provider, and asked to input their login credentials. If the user performs this action, their email login credentials will be sent directly to phishers. The victim is redirected to the real CNN home page,” they write in a blog post.

Three other campaigns spotted by the researchers, which also rely on news about the Ebola virus as bait, deliver malware.

In one case, an attachment containing a fake report about the virus installs the Zeus Trojan, also known as Zbot, on the computer. Fortunately, all reputable antivirus products can now catch it before damage is done.

However, a more complex campaign is also currently claiming victims: posing as an email from a major telecommunications service provider, it carries an attachment purporting to be a PDF presentation about the virus.

Once the attachment is executed, a newly discovered Trojan, identified by Symantec as Blueso, is dropped on the system.

It appears that Blueso is not the final payload. “The malware is also crafted to inject W32.Spyrat into the victim’s Web browser,” say the researchers.

Its functionality ranges from logging keystrokes, recording from the built-in webcam, grabbing screenshots and opening web pages to deleting data from the hard disk and enumerating files and folders.

It can also communicate with a command and control server to send and receive data. The experts note that the malware collects information about the applications installed on the computer as well as the underlying operating system, and that it can also remove itself from the machine.

The third malware campaign discovered by Symantec uses ZMapp, an experimental Ebola drug, as bait, claiming that it can kill the virus. The malware delivered is called Breut, and its functions include capturing webcam activity, modifying the hosts file, keylogging, stealing passwords, and downloading and executing arbitrary programs and commands.

Unsolicited email very often carries some form of threat that can lead to a compromised computer and stolen sensitive details. Users are advised not to open links or attachments provided in such messages.