US CERT has recently issued a warning about malware-delivery campaigns using users’ fear of the Ebola virus and its spreading as a bait.
One of the most prolific campaigns is the one that impersonates the World Health Organization:
The emails in question initially linked to the malware, a variant of the DarkKomet RAT tool, used by attackers to access and control the victim’s computer remotely and steal information.
After a while, the attackers began to attach the malware directly to the message, as access to the malicious file hosted on a popular cloud data storage service was blocked quickly by service administrators, noted Tatyana Shcherbakova.
According to Websense researchers, Ebola-themed malicious emails and documents are also being used by attackers taking advantage of the recently discovered Sandworm vulnerability (CVE-2014-4114).
“A sample from a third-party source, named ‘Ebola in American.pps’, was leveraging CVE-2014-4114 to download and execute a payload from a remote address via the SMB protocol, which most of the time isn’t allowed to connect to public Internet addresses,” they shared.