Malware developers prey on Ebola paranoia

Despite the fact that contracting Ebola is highly unlikely, and that a wide variety of things pose a much greater threat to the lives of everyday people, it seems that we’re in full-on, 24/7 Ebola panic mode. Cyber criminals have no qualms about playing into your paranoid delusions and exploiting Ebola fears, as evidenced by new attacks discovered by Trustwave.

I wrote a blog post about the Ebola (malware) outbreak:

Any time there are major events or breaking news in the world, cyber criminals try to exploit the situation—and Ebola is a prime opportunity. There is so much fear, misinformation, and paranoia going around that users are more willing to forget basic security practices in an effort to “stay informed”. Trustwave has uncovered a malware campaign designed to prey on Ebola fever (pun intended).

Trustwave researchers uncovered one new malware threat that comes disguised as an email from the World Health Organization (WHO), with a compressed file attachment. The message claims that the information and prevention tips in the attached file will help protect you from the Ebola virus. The file attachment is not a document, however—it is an executable that installs the DarkComet Remote Access Trojan (RAT).

The DarkComet RAT includes a vast array of insidious capabilities. It can log keystrokes, capture webcam video and sound, provide remote desktop access, upload and execute additional malicious files, collect system information, modify system host files, execute shell commands, steal passwords and torrent files, list running processes, and run remote scripts. Essentially, it gives the attacker carte blanche control over the compromised PC.

You can read the full story at CSOOnline: Maybe there really is an Ebola (malware) outbreak.
