Ponting Posted October 28, 2014

Craig Spencer, a doctor from New York City, is the fourth and latest person diagnosed with Ebola in the U.S. after arriving from Guinea. More news of infection outside Africa such as this could further fuel the ever-increasing fear and anxiety for one's own life and well-being, especially in terms of how one interacts with the outside world. People are trying to be more careful in their dealings than usual, always wanting to be in the know about the latest happenings.

This is why web threats banking on perennial hot topics like Ebola could be effective lures against users, especially in the long run.

Not so long ago, spam posing as an email from the World Health Organization (WHO) was discovered by our friends at Trustwave to carry a document containing information on how one can be safe from the deadly disease, which turns out to be a DarkComet RAT malware.

Recently, we found ebolawarnings(dot)com, a domain claiming to offer an early warning system tool that can alert the user of any Ebola outbreaks near their area.

Upon initial visit to the page, users are presented with the following prompt at the top-middle part of the screen:

Below is a screenshot of the downloaded file with an overview of its details:

EbolaEarlyWarningSystem.exe has a low detection rate as of this writing: four vendors detect it out of 53. Thankfully, Malwarebytes Anti-Malware users are protected from this file, which we detect as Trojan.MSIL. We'll add more about this file to the blog once we've looked into it further.

Upon execution, however, it displays a user interface prompting users to install the ONLY Search toolbar with links to its EULA and Privacy Policy pages.

Once users click the Agree button, they are again presented with other offers to download, such as a program called Block-n-Surf (a supposed tool used to protect children from adult-related content), System Optimizer Pro (a tool that purportedly optimizes the user's system), oneSOFTperday (a tool that gives users access to free apps), and a remote access tool, among others:

Once programs are installed, the following have been observed from affected systems:

1. All browser default search pages are changed to ONLY Search
2. Once users open a new browser tab, affiliate sites are loaded up (e.g. a site offering insurance)
3. Browser windows open to prompt user to install more programs
4. System Optimizer Pro executes
5. Affected machine slows down
6. Shortcut files are created on the desktop

During testing, we haven't seen any installation of the Ebola Early Warning System toolbar or evidence of warning alerts.

We implore users not to be easily swayed by software solutions banking on the Ebola scare. They may be more about enticing internet users into downloading programs that may potentially do harm to their systems, instead of helping them be aware of the current situation.

Source: https://blog.malwarebytes.org/online-security/2014/10/new-online-ebola-alert-tool-is-anything-but/
jackieo Posted October 28, 2014

Ebola scamware :pos: