On February 1, 2016, the WHO declared a Public Health Emergency of International Concern in response to Zika virus.
On February 1, 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) in response to the outbreak of the Zika virus and its associated birth defects in the Americas. Since this declaration, Symantec Security Response has observed a malicious spam campaign seeking to capitalize on the global interest in what the director of the WHO calls an “extraordinary event.”
Brazil: Curious health advice on Zika virus
The country most notably affected by cases involving the Zika virus is Brazil, so it comes as no surprise that one of the first cases involving Zika-related malicious spam would focus on Brazilian citizens.
The malicious spam email claims to be from Saúde Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email says, “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates to: “Zika Virus! That's Right, killing it with water!" The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient’s attention, such as “Eliminating Mosquito! Click Here!” and “Instructions To Follow! Download!” as well as a file attachment.
The links behind these buttons lead to the URL shortening service Bitly, which redirects to the file hosting service Dropbox. Both the files hosted on Dropbox and the file attached to the email were detected as JS.Downloader. Once a user is infected with JS.Downloader, it will attempt to download additional malware onto the compromised computer.
Cybercriminals capitalize on newsworthiness
Newsworthy events on a regional or global level often provide fertile ground for cybercriminals seeking to capitalize on the interest in these events. In this case, the Zika virus’ impact in countries like Brazil is being leveraged, while the potential impact in other countries make it a prime candidate for more malicious spam.
Mitigation
Users must be aware of unsolicited messages about the Zika virus and to follow these best practices:
- For information about the Zika virus, visit the World Health Organization’s website
- Always look for trusted news sources, regionally and globally, for additional information
- Avoid clicking on links or opening attachments in unsolicited email messages
- Run security software on your computer and ensure that it is up to date
