There’s more than just the physical Ebola virus roaming sections of the world today. Cybercriminals have jumped on Ebola’s tsunami of fear and are currently riding the wave into the inboxes of the masses. That’s right — Ebola’s now an issue on the world wide web too.
Thanks to the heightened desire for information regarding the virus and the resultant epidemic, masquerading as an Ebola-warning email from the venerable World Health Organisation itself is perhaps the most effective way to infiltrate an unsuspecting user’s machine.
The email includes an attachment which, once opened, installs the DarkComet Remote Access Trojan, or RAT. According to Trustwave’s ethical hacking unit SpiderLabs, it’s virtually undetectable by antivirus software, and by spoofing and infecting a legitimate Windows service the Trojan can remain silently active in memory too. Sneaky little devil.
And that’s not quite all either. While keylogging seems a primary objective, the nasty can also capture video and sound from webcams, enable remote desktop protocols, upload/execute/modify files, and obtain a slew of system information.
It is currently not known who or which organisation is behind this attack, but SpiderLabs suggests it could be a “low volume campaign (sent to whatever address list the spammer is using) in an attempt to infect random users in the hope of gaining some data that can be used or sold.”
Although any malicious email campaign has the potential to cause widespread damage, some simple steps can be taken to prevent infection.
Opening any file without knowing the sender, or without first scanning it for malicious code, is a recipe for disaster. Additionally, it is wise to disable macros in the Microsoft Office suite if you’re not explicitly relying on them, or to enable the protection feature that blocks them. This can be done by following these steps.
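As an added example (not from the article or from Trustwave), the following PowerShell script audits the macro security level that Word, Excel and PowerPoint use for the current user and, with `-Apply`, raises it so that macros in untrusted documents cannot run. It assumes the standard per-user Office registry layout (version keys 14.0, 15.0 and 16.0 for Office 2010, 2013 and 2016 or later) and the documented meaning of the `VBAWarnings` value: 1 enables all macros, 2 disables them with a notification (the Office default), 3 allows only digitally signed macros, and 4 disables them silently. The `blockcontentexecutionfrominternet` value, which stops macros in files carrying the internet mark-of-the-web, exists only from Office 2016 onwards.

```powershell
# Added example, not part of the original article: audit and harden Office VBA
# macro settings for the current user. Run as the user whose profile you want
# to check; add -Apply to change settings, otherwise it only reports.
param(
    [ValidateSet(2, 3, 4)]
    [int]$DesiredLevel = 4,   # 4 = disable all macros without notification
    [switch]$Apply
)

$versions = '14.0', '15.0', '16.0'          # Office 2010, 2013, 2016 and later
$apps     = 'Word', 'Excel', 'PowerPoint'
$names    = @{
    1 = 'Enable all macros (dangerous)'
    2 = 'Disable with notification (default)'
    3 = 'Disable except digitally signed'
    4 = 'Disable all without notification'
}

$results = foreach ($v in $versions) {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Microsoft\Office\$v\$app\Security"
        # Skip Office versions or applications that are not installed for this user.
        if (-not (Test-Path $key)) { continue }

        $current = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -eq $current) { $current = 2 }   # absent value means the Office default

        $weak = $current -lt $DesiredLevel
        if ($Apply -and $weak) {
            # Set-ItemProperty creates the DWORD if it does not exist yet.
            Set-ItemProperty -Path $key -Name VBAWarnings -Value $DesiredLevel -Type DWord
            if ($v -eq '16.0') {
                # Office 2016+: also block macros in documents downloaded from the internet.
                Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
            }
        }

        [pscustomobject]@{
            Version = $v
            App     = $app
            Setting = if ($names.ContainsKey($current)) { $names[$current] } else { "Unknown ($current)" }
            Weak    = $weak
            Fixed   = [bool]($Apply -and $weak)
        }
    }
}

$results | Format-Table -AutoSize
```

Run it once without `-Apply` to see which applications still accept macros with only a warning, then with `-Apply` to tighten them. In a domain, the equivalent values under `HKCU\Software\Policies\Microsoft\Office\...` set by Group Policy take precedence over these per-user keys, so a managed machine is better hardened through policy than through this script.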
While piggy-backing on the Ebola epidemic is a remarkably disturbing tactic for cybercriminals, this isn’t the first case of riding a bad news pony. Previous malicious campaigns used the 2004 Indian Ocean tsunami and the 2013 Boston Bombings to effectively wreak havoc on unsuspecting or simply curious users’ machines.
Featured image: Trustwave SpiderLabs