Zika virus fears exploited to spread malware


Low-life criminals are capitalizing on people's fears of the Zika virus in order to infect computers with malware.

According to a fact sheet published by the World Health Organization (WHO), the Zika virus is a disease that is transmitted primarily by Aedes mosquitoes, though it has been shown to be sexually transferrable in a small number of cases.

Symptoms are generally mild. Most people who contract the disease experience a fever, conjunctivitis, muscle and joint aches, skin rashes, malaise, and/or a headache for between two and seven days, after which the virus goes away on its own.

In some cases, however, the virus is known to cause complications. Health officials have observed an increased rate of microcephaly, or abnormal smallness of the head that is related to incomplete brain development, in babies born to mothers who contracted the Zika virus while they were pregnant.

This complication in particular has spurred the WHO to declare the Zika virus a level 1 outbreak and to declare a Public Health Emergency of International Concern (PHEIC).

There is currently no treatment for the Zika virus, which has led to widespread fears among expecting mothers all over the world.

Unfortunately, computer criminals are now beginning to exploit these fears for nefarious purposes.

In an article published last week, Satnam Narang, senior security response manager at Symantec, discusses one attack campaign in particular that is leveraging spam emails in an attempt to infect users with malware:

"The malicious spam email claims to be from Saúde Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email says, "ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!" which translates to: "Zika Virus! That's Right, killing it with water!"

The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient's attention, such as "Eliminating Mosquito! Click Here!" and "Instructions To Follow! Download!" as well as a file attachment."


The clickable buttons in the email redirect users, via a bit.ly-shortened URL, to a Dropbox file that was downloaded 1,610 times between February 5th and February 18th.

Both the file and the attachment have been identified as JS.Downloader, a malicious dropper that attempts to install other malware onto a user's infected machine.
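The delivery pattern described above (a shortened link that lands on a file-hosting download, plus an attached dropper) can be checked for at the mail gateway. The following is an added example, not code from Symantec or from this article; the host lists, the script-file extensions and the sample message are assumptions constructed for illustration, since the article does not state the attachment's file type.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Assumed lists for illustration; tune them to your own mail flow.
SHORTENERS = {"bit.ly"}
FILE_HOSTS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"}
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")

# Constructed sample message (not the real campaign email).
SAMPLE = """\
From: "Health News" <news@example.invalid>
To: user@example.invalid
Subject: ZIKA VIRUS! (constructed sample)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="https://bit.ly/EXAMPLE">Eliminating Mosquito! Click Here!</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="instructions.js"

// placeholder body
--b1--
"""

def triage(raw):
    """Return the reasons a message should be held for review."""
    msg = message_from_string(raw, policy=default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(SCRIPT_EXTS):
            findings.append(f"script attachment: {name}")
        elif part.get_content_type() in ("text/html", "text/plain") and not name:
            # Pull every URL out of the body and classify its host.
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
                host = (urlsplit(url).hostname or "").lower()
                if host in SHORTENERS:
                    findings.append(f"shortened link: {url}")
                elif host in FILE_HOSTS:
                    findings.append(f"file-host link: {url}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Legitimate mail also uses shorteners and file-sharing links, so findings like these are better used to hold a message for review or to strip the attachment than to reject it outright.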

Computer criminals have long been leveraging popular fears and dramatic international events to infect users with malware.

Some of the events coopted by attackers as lures in recent years include swine flu fears, the 2013 Spanish train disaster that killed 77 people, the United States' military involvement in Syria, and the mysterious disappearance of Malaysia Airlines Flight MH370.


It takes a true low-life to abuse people's concerns for a virus in order to spread malicious software.

Fortunately, it doesn't take much to avoid these emails. All a user needs to do is be careful about where they source their information.

Social media and email might provide a useful indication of breaking news, but it's better to go to the sites of reputable news agencies and the WHO directly, to find out the details for yourself.

As always, be careful what you click on, especially those emails that prey on panic and fear.

flickr photo shared by coniferconifer under a Creative Commons (BY) license


3 Responses

  1. Spennick

    February 23, 2016 at 3:38 pm #

    Hmmm…let's see if we can generalize: "Don't click on links in unsolicited emails from untrusted sources."

  2. coyote

    February 23, 2016 at 7:49 pm #

    'Both the file and the attachment have been identified as JS.Downloader, a malicious dropper that attempts to install other malware onto a user's infected machine.'

    You know, as much as I hate malware (and this goes especially because of many spam botnets which are a thorn in the side of everyone including administrators – mail servers especially.. waste of my resources and waste of Internet resources) I have to say if this has to happen (and since it has it did indeed have to happen) I hope it's a virus just because it's about zika, also a virus.

    'Fortunately, it doesn't take much to avoid these emails. All a user needs to do is be careful about where they sourcetheir information.'

    Noting: sourcetheir (missing space). Also, I would say it is more correct (and I admit also I am a literal thinker so maybe most wouldn't see it this way) to say it doesn't take much to avoid the risks associated (since the email is going to be sent regardless so you can't really avoid the mail).

    'Social media and email might provide a useful indication of breaking news'
    Only if you mean one might be made aware of something but they should never believe anything of it until they verify it from a proper news outlet (and hope of course the news outlets aren't mistaken as has happened but that's another story entirely).

    And forget not clicking on unsolicited mails: don't open them in the first place and make sure you have disabled macros (and never enable them). If you didn't request a mail – especially one with an attachment – then you really don't need it (maybe if it's someone you know or e.g. a mailing list but that's different). But even if you did you should always be careful because it might be that the sender isn't who you think it is (not even referring to spoofing but more like it might be malicious software on their computer/phone/whatever) or maybe they don't realise there is something harmful there (they don't run an antivirus for example and then they think the software is fine or their antivirus fails to pick up on it). Shortly: always be very careful with what you do (and run) no matter what the source is (writing it yourself notwithstanding).

    • coyote in reply to coyote.

      February 23, 2016 at 7:54 pm #

      In fact, if you didn't request anything then it is probably bad and if the sender (software or person) insists you need it it is absolutely bad (similar is like a salesperson – perhaps more so if it's a used car dealer). In both cases they have different intentions than helping you (if you really needed help you would seek it in some way and funnily enough if something is unsolicited you didn't seek it).
