
Ebola fear used as bait, leads to malware infection

Published Aug 18, 2014, 9:18 pm IST
Updated Mar 31, 2019, 11:23 am IST
Symantec has observed three malware operations and a phishing campaign

Mumbai: News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

Malware and phishing campaigns


The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims. What users actually get is an infection of the Trojan.Zbot malware.

In the second campaign, cybercriminals send out an email that impersonates a major telecommunications services provider and claims to offer a high-level presentation on the Ebola virus. An attached zip file with a title like "EBOLA – PRESENTATION.pdf.zip" actually executes Trojan.Blueso on the victim's computer.

Interestingly, the executed Trojan is not the final payload. The malware is also crafted to inject W32.Spyrat into the victim’s Web browser and allows attackers to perform the following actions:


· Log key strokes
· Record from the Web cam
· Capture screenshots
· Create processes
· Open Web pages
· Enumerate files and folders
· Delete files and folders
· Download and upload files
· Gather details on installed applications, the computer, and OS
· Uninstall itself
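A mail-gateway check for the attachment naming used in the second campaign, where an archive is named to look like a PDF ("EBOLA – PRESENTATION.pdf.zip"). This Python code is an added example, not Symantec's or the article's own; the suffix lists, the function names and the constructed sample message are assumptions, as is the premise that the archive holds a runnable file.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed suffix lists for this example; tune them to local policy.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg"}
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def suffixes(name):
    """Lower-cased suffixes of a file name, e.g. ['.pdf', '.zip']."""
    return [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]


def scan_message(raw):
    """Return (attachment name, reason) findings for one raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        sfx = suffixes(name)
        # Document-looking name that is really an archive: "x.pdf.zip".
        if len(sfx) >= 2 and sfx[-1] == ".zip" and sfx[-2] in DECOY:
            findings.append((name, "decoy extension before archive extension"))
        if sfx and sfx[-1] == ".zip":
            try:
                members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
                continue
            for member in members:
                msfx = suffixes(member)
                if msfx and msfx[-1] in RUNNABLE:
                    findings.append((name, "archive contains runnable file: " + member))
    return findings


def build_sample():
    """Constructed test message; the zip member is a harmless text stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EBOLA - PRESENTATION.pdf.exe", b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="EBOLA - PRESENTATION.pdf.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding for the archive's own name and one for the runnable member inside it.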

The third campaign piggybacks on some fresh Ebola news. In the last two weeks there has been talk of ZMapp, a promising Ebola drug still in an experimental stage. The crooks entice their victims with an email claiming the Ebola virus has been cured and the news should be shared widely. The email attachment is Backdoor.Breut malware.

And last is a phishing campaign that impersonates CNN with breaking Ebola news (with some terrorism thrown in). It gives a brief story outline and includes links to an "untold story". The email also promises "How-to" precaution information and a list of "targeted" regions.


If the user clicks on the links in the email, they are sent to a Web page, asked to select an email provider, and asked to input their login credentials. If the user performs this action, their email login credentials will be sent directly to phishers. The victim is then redirected to the real CNN home page.

Symantec advises all users to be on guard for unsolicited, unexpected, or suspicious emails. If you are not sure of the email’s legitimacy then don’t respond to it, and avoid clicking on links in the message or opening attachments.

Symantec customers that use the Symantec.Cloud service are protected from spam messages used to deliver malware. For the best possible protection, Symantec customers should also ensure they use the latest Symantec technologies incorporated into our consumer and enterprise solutions.

