Cyber criminals using Ebola outbreak to spread malware

24 Oct 2014


Cyber criminals were taking advantage of the recent Ebola outbreak to trick unsuspecting web users into downloading malware sent in emails that purported to come from the World Health Organisation (WHO), The Register reported.

Security researchers at Trustwave, who first discovered the malware, flagged it when it appeared that criminals had crafted bogus WHO emails encouraging people to open a .RAR attachment to find out how they could protect themselves against Ebola.

According to Trustwave, once the attachment had been clicked on, it downloaded malware onto the victim's machine.

The emails had been sent to a few hundred organisations by criminals who hoped to gather information which they could later sell.

According to Trustwave, upon closer inspection, the RAR compressed file attachment was not a document file but an executable file of a DarkComet Remote Access Trojan.

"This Trojan makes use of its heavily obfuscated AutoIt-based script to run undetected by antivirus software.

"When run, it creates a randomly named folder in the Windows Application Data folder and drops all of its component files into that folder."

"It isn't surprising to find cyber criminals continuing to piggyback on newsworthy and major events, disasters and outbreaks in order to lure potential victims and spread their malware," said the security firm.

If this malware was downloaded onto a computer, the hackers could not only get the user's passwords but could also have complete access to the user's webcam and microphone in their own home or office.

The e-mail looked real, with a logo from the World Health Organization, and said it contained crucial information to protect people against Ebola, www.abc7chicago.com reported, citing its I-Team investigation.

However, if one clicked on the attachment, there was another danger in store for the user's desktop: malware called "dark comet."

The report cited Karl Sigler of Trustwave as saying that once dark comet was installed on a user's system, the criminals had full control of the user's computer.

They could turn on the user's webcam and videotape users without their knowledge; they could turn on the microphone and record voices in the room; and they could upload and download files, install things and steal passwords.

Anti-spam digital security specialist Karl Sigler worked for Chicago's Trustwave, but he was based in Atlanta and spoke to the I-Team via Skype.
