- Jan 24, 2011
- 9,378
Security researchers have discovered a new email attack campaign using public interest in the recent Ebola virus outbreak to infect users with a banking trojan.
The attackers in question have created an email template designed to spoof a World Health Organization (WHO) missive on Ebola, which contains links to three 'factsheets' on how to prevent the deadly virus, according to Proofpoint.
Clicking on one of those links will take the user to a landing page mimicking a genuine WHOEbola factsheet, which is “almost indistinguishable from the original,” the vendor said in ablog post.
“When the page loads, it requests permission to run a Java applet that will attempt to load a variant of the popular Zeus banking Trojan on the user’s machine,” Proofpoint continued.
“Even with a security warning and suspicious hosting location (wsh3ll.bplaced[.]net), it’s not surprising that some users will click.”
If Zeus is successfully downloaded, it will work as a typical banking trojan, although it also displays some RAT-like characteristics.
“The Remote Access Trojan (RAT) results in ongoing access for attackers, giving them a pathway to install additional malware on the infected PC,” said Proofpoint.
The attack campaign is by no means the first to use Ebola as a lure to entice concerned netizens to click on something they shouldn’t.
A fortnight ago, Symantec reported three malware operations and a phishing campaign using Ebola as a social engineering theme.
One includes the Zbot Trojan, while a second impersonates Middle East telecoms firm Etisalat and features an attachment hiding the Blueso Trojan and information-stealing Spyrat malware.
The third apparently hides the backdoor Breut malware in an attachment claiming to offer news of a cure for the deadly virus.
Read more: http://www.infosecurity-magazine.com/news/ebola-outbreak-infects-users-zeus/
The attackers in question have created an email template designed to spoof a World Health Organization (WHO) missive on Ebola, which contains links to three 'factsheets' on how to prevent the deadly virus, according to Proofpoint.
Clicking on one of those links will take the user to a landing page mimicking a genuine WHOEbola factsheet, which is “almost indistinguishable from the original,” the vendor said in ablog post.
“When the page loads, it requests permission to run a Java applet that will attempt to load a variant of the popular Zeus banking Trojan on the user’s machine,” Proofpoint continued.
“Even with a security warning and suspicious hosting location (wsh3ll.bplaced[.]net), it’s not surprising that some users will click.”
If Zeus is successfully downloaded, it will work as a typical banking trojan, although it also displays some RAT-like characteristics.
“The Remote Access Trojan (RAT) results in ongoing access for attackers, giving them a pathway to install additional malware on the infected PC,” said Proofpoint.
The attack campaign is by no means the first to use Ebola as a lure to entice concerned netizens to click on something they shouldn’t.
A fortnight ago, Symantec reported three malware operations and a phishing campaign using Ebola as a social engineering theme.
One includes the Zbot Trojan, while a second impersonates Middle East telecoms firm Etisalat and features an attachment hiding the Blueso Trojan and information-stealing Spyrat malware.
The third apparently hides the backdoor Breut malware in an attachment claiming to offer news of a cure for the deadly virus.
Read more: http://www.infosecurity-magazine.com/news/ebola-outbreak-infects-users-zeus/
