As usual, the bad guys adhere to the Rahm Emanuel "never let a good crisis go to waste" school of thought. This time, it's Ebola-themed emails carrying infected attachments or links to malware-infested sites.
Last week, the United States Computer Readiness Team, a division of the Department of Homeland Security, issued an advisory warning users about spam campaigns that used the Ebola virus to bait users into clicking on malicious web links or attachments. This week, Trustwave, a private security and compliance consulting company, discovered several Ebola-themed threats.
One email purporting to be from the World Health Organization included a bogus file that claimed to include Ebola safety tips. Once downloaded, the file dropped a program onto the victim’s machine that evaded antivirus defenses. The program can do everything from grab shots off the victim’s webcam, record sounds from their computer’s microphone, take control of their desktop remotely, modify and upload files and steal passwords.NYTimes