Ebola crisis leads to malware and phishing attacks

If you thought the Ebola crisis couldn't get any worse, think again.

 

Dell Cameron

Tech

Published Oct 17, 2014   Updated May 30, 2021, 9:28 am CDT

Unless you’re reading this report from a neighborhood in Monrovia, the odds of you contracting the Ebola virus are about the same as being struck in the head by a meteorite. But not all risks are viral, so to speak. Criminals are cashing in big on the pandemonium, and your privacy—not to mention your bank account—is at far greater risk than your health.

Featured Video Hide

For some time now, scammers have been exploiting the public’s concern over Ebola—a terrible and highly infectious disease that has ravaged entire communities in Liberia, Guinea, and Sierra Leone—in order to steal users’ private information and infect their computers with malware.

Advertisement Hide

As early as August, security researchers documented a number of methods that crooks use to compromise innocent people’s systems. Most of these methods rely on email scams, or phishing, and can be avoided with a healthy measure of common-sense.

The U.S. Department of Homeland Security on Thursday reminded Americans to be careful when they see links related to Ebola that ask for personal information or emails that contain suspicious attachments. The alert came from DHS’ always obvious and never insightful but sometimes helpful U.S. Computer Emergency Readiness Team (CERT), which has been doing its best to educate the public on the risks associated with social engineering, the art of duping unsuspecting people into voluntarily giving up sensitive information. “Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information,” CERT warns.

Researchers have documented cases in which malware like the trojan “Blueso” is used to inject malicious code into existing programs on users’ systems, giving crooks a wide range of nasty capabilities, including but not limited to: logging everything you type; recording you doing…whatever it is you’re doing in front of your webcam; taking screenshots of every webpage you visit; and cataloging or deleting everything on your hard drive.

New-Phishing-and-Malware-Campaigns-Use-Ebola-Virus-Epidemic-As-Bait-455334-2.jpg

Advertisement Hide


Researchers have also warned of exploits delivered in the form of a campaign to fund research for Zmapp, the experimental drug thought to be useful in combating the Ebola virus. Malware deployed in such attacks, possibly named after the popular French chanteuse “Breut,” can give dastardly hackers a backdoor into your system and will also provide them with a log of every key you press.

Although the distribution of malware associated with Ebola scams appears to be low, it is nevertheless advisable for users to always practice safe surf. (“Surfing” is what the olds used to call using the Internet. See also: webrings.) You should always use a firewall to block incoming connections to services that should not be publicly available; never open email attachments unless you’re expecting them; regularly update your antivirus software instead of clicking “remind me in 5 hours” every five hours; and either stop using your cat’s name as a password or try out a handy password manager like KeePass. As with most computer viruses, research shows that users running Microsoft’s Windows operating system appear to be at greatest risk of exposure. This article not paid for by Apple Inc.

Photo via dskley/Flickr (CC BY-ND 2.0)

Share this article
*First Published: Oct 17, 2014, 1:47 pm CDT