Ebola hits not just humans, but also computers

Even as the battle to combat Ebola in West Africa and prevent its spread continues, cybercriminals are using the latest headlines associated with the epidemic to bait innocent victims. IT security firm Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme. In other words, not only the virus has affected human beings, but the computers too are the affected lot.

The recent Ebola outbreak in West Africa is being considered as the world?s deadliest to date. The World Health Organisation (WHO) has declared it an international health emergency as more than 1,000 people have died of the infection in Guinea, Liberia, Sierra Leone and Nigeria this year.

Tarun Kaura, director, Technology Sales, India, Symantec, says, ?Over the years, scammers have used both real and fake events/situations as baits to convince users to click on links and perform actions online. In the past, global sporting events such as FIFA World Cup and famous celebrity deaths or hoax messages were capitalised by the cybercriminals.?

Talking specifically about the Ebola scare, the Symantec director reveals that cybercriminals are using the latest headlines on Ebola virus epidemic to bait victims through various social engineering themes. The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims and what users actually get is an infection of the Trojan.Zbot malware. In the second campaign, cybercriminals send out an email that impersonates a major telecommunications services provider and claims to offer a high-level presentation on the Ebola virus. An attached zip file with a title like ?Ebola ? Presentation.pdf.zip? actually executes Trojan.Blueso on the victim?s computer.

The third campaign piggybacks on some fresh Ebola news. In recent weeks, there has been talk of Zmapp, a promising Ebola drug still in an experimental stage. The crooks entice their victims with an email claiming the Ebola virus has been cured and the news should be shared widely. ?Once the malware gets installed in the victim?s system, it can allow the scammers to record user?s activities by gaining access to the web camera, capture screenshots, delete and upload files and folders amongst many other things,? says Kaura. ?All the malicious attachments with Ebola themed spams we have seen so far were Windows malware. We have not yet seen any Mac or Linux malware.?

Another phishing campaign impersonates CNN with breaking Ebola news (with some terrorism thrown in). It gives a brief story outline and includes links to an ?untold story?. The email also promises ?How-to? precaution information and a list ?targeted?regions. ?Symantec advises all users to be on guard for unsolicited, unexpected, or suspicious emails. If you are not sure of the email?s legitimacy, then do not respond to it, and avoid clicking on links in the message or opening attachments,? says the Symantec director.

With more and more people getting online for their day to day activities, higher are the chances for them to fall for online scams and malicious activities. Therefore, it is important to safeguard ourselves while engaging in activities online, awareness and prevention are the best ways to avoid any losses through cybercriminal activity, adds Kaura.