It was inevitable that cybercriminals would capitalise on the global attention on the Zika virus outbreak. Security vendor Symantec has issued a warning on a malicious spam campaign that lures people into downloading a piece of malware called JS.Downloader by claiming to have additional information on the Zika virus. Here are the details.
Photo by US Department of Agriculture.
The World Health Organisation (WHO) has declared a Public Health Emergency of International Concern (PHEIC) over the current Zika virus outbreak that originated in South America. The virus causes birth defects in children born to mothers who have been infected with it. There have been a few isolated cases of infection around the world, mainly in individuals who have travelled to South America, and the rate at which it is spreading is alarming. Naturally, this is scaring a lot of people.
Cybercriminals can smell the fear and know that people are curious to learn more about the Zika virus. One of the first waves of attacks involves a malicious spam email campaign that targets Brazilian citizens and claims to be from a legitimate health and wellness website in Brazil. The subject line of the malicious emails reads "ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!" which translates to "Zika Virus! That's Right, killing it with water!".
The body of the email contains real content from the website Saúde Curiosa but includes buttons and attachments to entice curious recipients to click on them. These ultimately lead to a shortened URL that redirects to Dropbox, where the JS.Downloader Trojan awaits. JS.Downloader is known to download malicious files from the web and execute them on an infected PC. This is just one example of attackers using the Zika virus to ensnare victims. According to Symantec:
"Newsworthy events on a regional or global level often provide fertile ground for cybercriminals seeking to capitalize on the interest in these events. In this case, the Zika virus’ impact in countries like Brazil is being leveraged, while the potential impact in other countries make it a prime candidate for more malicious spam."
If you do want to find out more about the Zika virus, Symantec recommends going straight to the source: visit the WHO website or reputable news sources directly rather than opening dodgy emails that claim to have some amazing insight on the infectious agent. It's all common sense, but sometimes people need to be reminded to use good judgment and not be swept up by mass hysteria.
[Via Symantec Security Blog]