Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.
While Ebola-themed online hoaxes are nothing new, malware peddlers have recently started pushing their wares via phishing emails impersonating the World Health Organization and, according to Malwarebytes’ Jovi Umawing, offers of an “early warning system tool” that supposedly alerts users to any Ebola outbreaks near the area in which they live.
The software is offered on ebolawarnings(dot)com – the site is still up as I write this – and when users visit it they either trigger the automatic download of an executable (EbolaEarlyWarningSystem.exe) along with a loud siren sound, or are urged to download the file themselves (and the siren stops screaming).
The file initially had a very bad detection rate, but it improved as time went by: now 21 of the 53 AV solutions used by VirusTotal detect it as malicious.
Once run, it prompts users to install the ONLY Search toolbar, then several other programs among which are Block-n-Surf (a supposed tool used to protect children from adult-related content), System Optimizer Pro (a tool that purportedly optimizes the user’s system), oneSOFTperday (a tool that gives users access to free apps), and a remote access tool.
The latter download is what could bring users the most misery, as it allows unknown parties to access their computers remotely. But the ONLY Search toolbar is not completely innocuous either: it changes all browser default search pages to ONLY Search, loads affiliate sites, pushes additional useless software onto the user (and urges users to pay for it), and in general slows down the computer.
Interestingly enough, the Ebola Early Warning System toolbar was simply bait, and no such software is installed on the victims’ computers.