Symantec reveals that hackers are running a Zika-related malicious spam campaign, and the first case was observed in Brazil.
Brazilians got a malicious spam email in Portuguese that claimed to be from Saude Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email said, "ZIKA VIRUS! ISSO MESMO, MATANDO COM AGUA!" which translates to: "Zika Virus! That's Right, killing it with water!" The email itself uses imagery and text taken from a real article on Saude Curiosa, but includes buttons and attachments to try to capture the recipient's attention, such as "Eliminating Mosquito! Click Here!" and "Instructions To Follow! Download!" as well as a file attachment.
The links behind these buttons lead to the URL shortening service Bitly, which redirects to the file hosting service Dropbox. Symantec products detect both the file hosted on Dropbox and the file attached to the email as JS.Downloader. Once a user is infected with JS.Downloader, it will attempt to download additional malware onto the compromised computer.
Symantec Security Response warns that users must be aware of unsolicited messages about the Zika virus and follow the below-mentioned best practices to protect themselves:
- For information about the Zika virus, visit the World Health Organization's website
- Always look for trusted news sources, regionally and globally, for additional information
- Avoid clicking on links or opening attachments in unsolicited email messages
- Run security software on your computer and ensure that it is up to date