Skip to main content

Don't get caught by this Ebola-themed malware scam

Researchers from security firm Trustwave have flagged up an instance of malware being sent by spammers taking advantage of the recent Ebola epidemic and West Africa.

The criminals have crafted an e-mail that appears to come from the World Health Organisation (WHO) encouraging users to open an attachment to find out how they can protect themselves against the disease.

Once users click on the attachment in the e-mail, malware is downloaded onto their machine. This particular e-mail has been sent to a few hundred organisations hoping to lure victims into opening the attachment and then gather information they can later sell.

Although this isn't as widespread as other malware campaigns, it only takes one infection to compromise an organisation.

Below you can see an example of the e-mail being sent by the spammers:

It isn't surprising to find cyber criminals are continuing to piggyback on newsworthy and major events, disasters and outbreaks in order to lure potential victims and spread their malware. Back in March, scammers used the tragedy of the disappeared Malaysian Airlines passenger jet Flight MH370 to infect Facebook users with malware.

Only last week, the United States Computer Readiness Team (US-CERT) made an advisory about protecting users against scams and spam campaigns using the Ebola virus disease as a social engineering theme. Trustwave follows the US-CERT recommendations, to not follow unsolicited web links or attachments in email messages, particularly Ebola themed ones.