Hackers Pretending to be WHO Distributing Ebola-Themed Spam Mails

According to SpiderLabs a cyber-security band, hackers, pretending to be WHO (World Health Organization) a global health agency, have launched malware-laced spam mails targeting unwitting users as they're tricked with an Ebola pandemic fright so they'd view the malicious messages, published designtrend.com, October 26, 2014.

Displaying a header "Ebola Safety Tips-By WHO," the malicious e-mails tell how recipients can protect themselves against the lethal Ebola virus.

The e-mails display other headings too - "So Really, How Do You Get Ebola?" "What You Need To Know About The Deadly Ebola Outbreak," "The #1 Food Items You'll Need In An EBOLA Crisis," and "Is there ANY way to cure Ebola?"

SpiderLabs also cautions about the e-mails' writings which try convincing readers towards pulling down an attached file having anti-Ebola security measures.

So one sample message that SpiderLabs's blog shows tells that the information along with preventive measures catalogued within the attachment would assist the reader as well as people around him remain protected.

It elaborates there's one epidemic of Ebola as well as diseases of other kinds at the recipients' places about these users know nothing; therefore, they should download the WHO file to get extra info regarding the way they can remain protected against Ebola as also the other preventable illnesses. The message ends with 'We care.'

But, if anyone opens the e-mail, he would download one RAR file carrying software for letting the hackers gain admission into his PC as well as its data.

The loaded malicious program would further load a Remote Access Trojan namely DarkComet that most anti-virus solutions can't detect.

The Trojan solely impacts Windows systems and not Mac computers, as these don't allow RAR file hosting that could enable spam/malware dissemination.

Meanwhile, although the campaign seems as getting quite widespread, fortunately specialists haven't still confirmed if it's any full-time scam. However, given that usernames and passwords have lately leaked from different social media websites, authorities think they should caution people early on about such dubious electronic mails. They suggest that maintaining one's security system up-to-date, while avoiding viewing any electronic mail of the aforementioned type, is the best manner for remaining secure.

» SPAMfighter News - 10/30/2014