It was only a matter of time: Cybercriminals are now using the threat of the Ebola virus to con email users into downloading malicious payloads. One particularly monstrous email purported to come from the World Health Organization (WHO) and announced, “There is an outbreak of Ebola and other diseases around you … Download the World Health Organization file for more information on how to stay safe from Ebola …” According to Websense Security Labs, the malware delivered in that campaign is the DarkKomet RAT, which allows remote access to the victims’ computers.
That information was published today in a Websense Security Labs blog post that also documented several campaigns that use the fear of Ebola to spread malware, including through the zero-day vulnerability recently used in the Sandworm campaign. An item identified as Ebola in American.pps, says Websense, was leveraging the vulnerability CVE-2014-4114 to download and execute a payload from a remote address.
“We know that cybercriminals will take advantage of every topical opportunity to target victims,” says Carl Leonard, senior manager, security research at the San Diego-based Security Labs. “By posing as WHO, a trusted global source of information, and by using the threat of the Ebola virus, these criminals are using strong social engineering tactics to compel victims to click. Not only is it particularly nefarious, but it is highly effective. Users must use caution and businesses must have the security solutions in place to prevent these attacks from being successful.”