Connect with us

Hi, what are you looking for?

HEADLINES

Zika virus outbreak concerns used to spread malware

The country most notably affected by cases involving the Zika virus is Brazil, so it comes as no surprise that one of the first cases involving Zika-related malicious spam would focus on Brazilian citizens.

On February 1, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) in response to the outbreak of the Zika virus and its associated birth defects in the Americas. Since this declaration, Symantec Security Response has observed a malicious spam campaign seeking to capitalize on the global interest in what the director of the WHO calls an “extraordinary event.”

The country most notably affected by cases involving the Zika virus is Brazil, so it comes as no surprise that one of the first cases involving Zika-related malicious spam would focus on Brazilian citizens.

Description: SymMacToolkit:Users:satnam_narang:Documents:SRBlogs:ZikaVirus:brazil_zika.png
Figure 1. Malicious spam email in Portuguese, delivered to Brazilians

The malicious spam email claims to be from Saúde Curiosa (Curious Health), a popular website in Brazil. The subject of the email says, “ZIKA VIRUS ! ISSO MESMO, MATANDO COM ÁGUA!” which translates to: “ZIKA VIRUS ! THAT SAME KILLING WITH WATER !” The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient’s attention, such as “Eliminating Mosquito! Click Here!” and “Instructions To Follow! Download!” as well as a file attachment.

Description: SymMacToolkit:Users:satnam_narang:Documents:SRBlogs:ZikaVirus:bitly_zika_js.png

Figure 2. Links in malicious spam email lead to a file hosted on Dropbox

Advertisement. Scroll to continue reading.

The links behind these buttons lead to the URL shortening service Bitly, which redirects to the file hosting service Dropbox. Symantec products detect both the file hosted on Dropbox and the file attached to the email as JS.Downloader. Once a user is infected with JS.Downloader, it will attempt to download additional malware onto the compromised computer.

Newsworthy events on a regional or global level often provide fertile ground for cybercriminals seeking to capitalize on the interest in these events. In this case, the Zika virus’ impact in countries like Brazil is being leveraged, while the potential impact in other countries make it a prime candidate for more malicious spam.

Symantec Security Response warns users to be aware of unsolicited messages about the Zika virus and to follow best practices.

For instance, for information about the Zika virus, visit the World Health Organization’s website. Also, always look for trusted news sources, regionally and globally, for additional information. Avoid clicking on links or opening attachments in unsolicited email messages. Lastly, run security software on your computer and ensure that it is up to date.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

With the e-Commerce market projected to hit $24 billion by 2025, foodpanda sees significant growth potential in the local digital space.

HEADLINES

Emperador’s move to cashless payments reduces cash-handling risks, improves transaction speed, and enables the sales teams and retailers to focus on business growth and...

HEADLINES

inDrive gave away more than Php 1.1 million worth of rewards to its partner drivers which included a Honda ADV 160 motorcycle as the...

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

A leveled-up 5G connectivity, Smart 5G Max features significantly faster speeds for uploading and downloading, and ultra-low latency, providing customers with amazing mobile experiences.

HEADLINES

The project is expected to increase Asialink’s total loans to SMEs from Php 8.8 billion (around $150 million) to around Php 13 billion, with...

HEADLINES

The partnership enables MCU to integrate Fortinet’s Network Security Expert (NSE) training and certification program into its academic offerings, either as part of the curriculum or...

Advertisement