On 1 February 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) in response to the outbreak of the Zika virus and its associated birth defects. Since this declaration, Symantec Security Response has observed a malicious spam campaign seeking to capitalise on the global interest in what the director of the WHO calls an “extraordinary event”.
Newsworthy events on a regional or global level often provide fertile ground for cyber criminals. In this case, the Zika virus’ impact in countries like Brazil is being leveraged, while the potential impact in other countries makes it a prime candidate for more malicious spam.
Why is this campaign so effective? People are worried, curious even, and it is no surprise that the first version of the spear phishing campaign was targeted at Brazil.
The malicious spam email claims to be from Saúde Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email says, “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates to: “Zika Virus! That's Right, killing it with water!” The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient’s attention, such as “Eliminating Mosquito! Click Here!” and “Instructions To Follow! Download!” as well as a file attachment.
The links use the Bitly link-shortening service to obscure their true origin and will attempt to install JS.Downloader. Bitly is a wonderful service for shortening long or complex links for public consumption, but it can be susceptible to abuse.
The effects of spear phishing can be prevented in a number of ways. First, using a cloud email security product like the one provided by Symantec/Norton may block the message before it gets to your inbox. But if you are silly enough to click on a link, you need good, up-to-date anti-virus/malware detection to prevent further harm.
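The pattern described above, shortened links on the call-to-action buttons combined with a file attachment, can be checked for before a message reaches the inbox. The following is an added example, not Symantec's code or part of the original article: the shortener host list, the `triage` and `build_sample` names, the hold rule and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, non-exhaustive shortener hosts; extend for your own mail flow.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "j.mp"}

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def triage(raw_message: bytes) -> dict:
    """Flag shortened links and attachments in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    short_links, attachments = [], []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                host = (urlparse(href).hostname or "").lower()
                if host in SHORTENER_HOSTS:
                    short_links.append(href)
    # Hypothetical policy: hold mail that pairs hidden destinations with a file.
    hold = bool(short_links) and bool(attachments)
    return {"subject": str(msg["subject"]), "short_links": short_links,
            "attachments": attachments, "hold": hold}

def build_sample() -> bytes:
    """Constructed message shaped like the one described above (no real IoCs)."""
    m = EmailMessage()
    m["Subject"] = "ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!"
    m.set_content("plain-text fallback")
    m.add_alternative('<a href="https://bit.ly/CONSTRUCTED">Click Here!</a>'
                      '<a href="https://example.invalid/article">Article</a>',
                      subtype="html")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="constructed.bin")
    return m.as_bytes()
```

Calling `triage(build_sample())` returns the shortened link, the attachment name and `hold: True`; a message with shortened links but no attachment is reported without being held.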