The email is allegedly sent by the World Health Organization, and at first glance is very convincing. The logo and typeface could easily fool recipients into downloading an attachment which supposedly contains crucial information about the fight against Ebola. Another version of the email purports to have been written by the Mexican government, offering information on the status of Ebola within the country.
The Ebola malware
However instead of receiving potentially useful tips, users who download the attachment will find their device becomes infected with a malware called “dark comet”.
Anti-spam digital security specialist Karl Sigler works for Trustwave, and he claimed that “once dark comet is installed on your system the criminals out there have full control of your computer. They can turn on your web cam and video tape you without you knowing they can turn on your microphone and record voices in the room they can upload files and download files , install things, steal passwords.”
Trustwave outed the hackers after luring them into “honey pots”, their name for spam trap servers which replicate real mail or web servers used by both consumers and employees.
“They are really looking for those people in corporate environments and business environments and opening this e-mail and not just putting their own system at risk but their entire internal network business at risk,” Sigler continued.
Recent spam campaigns
Spam emails are an unfortunate factor of modern life. However the threat to your cyber security can vary from simply annoying to a potential hijacking of your machine, with all of the dangers that entails.
Cybercriminals are well known for piggybacking on major news events in order to entice more people to open those risky attachments, which most users are well aware should not be opened if they were sent from an unknown address.
Trustwave spokeswoman Abby Ross urged people to be more aware of their online security, sending out an email bulletin with the recommendation that users should be extra cautious “following unsolicited web links or attachments in email messages, particularly Ebola-themed ones.”