Ebola is Infecting Computers; How to Protect Yours
No, your computer can’t catch the actual Ebola virus… it’s not even airborne yet. However, we are finding that criminals are taking advantage of the hype, fear, and curiosity over Ebola to infect people’s computers more easily.
This is commonly being done via email. There are four prevalent types of email going around now that are meant to infect your computer:
- A fake report on the Ebola virus — when you click the link to read more, your Windows machine is infected with a virus that can collect and steal your personal information.
- A fake email from a telecommunications provider that contains an important “Ebola Presentation” for you to download and view. If you do it, you install malware that can allow others to remotely control your computer, access your web cam, log what you type, etc.
- Fake emails talking about an “Ebola Cure” which contain a malware attachment and which ask you to forward the news on to your friends. The malware records your keystrokes and downloads additional malware onto your computer.
- Fake emails about Ebola news and lists of “precautions”.
There are many other types of attacks and attack vectors that are being exploited or can be exploited. We will go over many of these below, along with how to protect yourself from them. You should be very wary of any email received about Ebola, even if it appears to be from a friend. You should be especially wary of opening any attachments sent through email, unless you have good confidence that they are malware-free.
Common Email Attack Vectors
Criminals capitalizing on the Ebola epidemic, and those trying to use email in general to attack the unwary, use a wide range of tactics to induce you to infect your computer. Beyond being completely paranoid and “not trusting anyone or any attachment” and “never clicking on links”, there are things you can do to protect yourself so that you can use email safely and effectively.
These all come back to having very effective spam and virus filtering on your inbound email. Preferably, filtering that happens server-side, automatically, before the messages ever arrive at your computer.
Here are some of the attack vectors used, and the kinds of filtering that can block them. We recommend that you review your spam and virus filtering service and make sure that it protects you from all of these vectors. If it does not, you may want to consider improving your level of protection.
File attachments
By far the most common vector for malware is to attach it to the email message and to somehow induce you to open it via the text of the message, either by making you want to open it or by making you trust that the sender is someone you know and thus it is “Ok”.
Every virus filtering software will scan email attachments and block ones deemed malicious.
You should make sure that your system updates its “definitions” in near real time. If you only get updates to the definitions of what new “bad files” look like once a day or once a week, then you are more and more vulnerable to the latest attacks.
Zipped File attachments
Because all virus scanners are known to scan attachments, many criminals send the malware attached as a “zip file” or other compressed file.
This allows their virus-laden messages to get past scanners that cannot open and scan compressed attachments. Make sure that your virus scanner looks inside compressed attachments.
Encrypted ZIP File attachments
No virus scanner can scan inside of an encrypted ZIP file attachment; but then, most people don’t send these on a normal basis. If you don’t, you should have your virus scanner automatically block them, as they can be easy vehicles for malware… ones that you can’t check until the file is opened on your computer.
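As an added illustration (not code from this article or from any particular filtering product), the Python sketch below shows how a server-side filter can look inside ZIP attachments and block any archive that contains an encrypted member. The function names, the nesting limit and the sample message are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 3  # assumed cap on archives nested inside archives

def inspect_zip(data, depth=0):
    """Return ("block", reason) or ("scan", [member names for the AV engine])."""
    if depth > MAX_DEPTH:
        return "block", "archive nested too deeply"
    names = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # flag bit 0: member is encrypted
                    return "block", f"encrypted member: {info.filename}"
                names.append(info.filename)
                if info.filename.lower().endswith(".zip"):
                    verdict, detail = inspect_zip(zf.read(info), depth + 1)
                    if verdict == "block":
                        return verdict, detail
                    names.extend(f"{info.filename}/{n}" for n in detail)
    except (zipfile.BadZipFile, NotImplementedError):
        return "block", "unreadable archive"
    return "scan", names

def inspect_message(raw):
    """Give a verdict for every attachment whose content is a ZIP archive."""
    results = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):  # detect by content, not file name
            results[part.get_filename()] = inspect_zip(data)
    return results

def sample_message():
    """Constructed sample mail: one ordinary ZIP and one flagged as encrypted."""
    def make_zip(name, body):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, body)
        return bytearray(buf.getvalue())
    plain, locked = make_zip("notes.txt", b"hello"), make_zip("presentation.exe", b"MZ")
    locked[locked.find(b"PK\x01\x02") + 8] |= 0x1  # set the flag in the central directory
    msg = EmailMessage()
    msg.set_content("constructed test message")
    for name, data in (("plain.zip", plain), ("locked.zip", locked)):
        msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()
```

A production filter would also cap the size of each member before reading nested archives, since compressed data can expand enormously.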
Common Phishing Attacks
Email messages that are forged and appear to be from a reputable company but which seek to get you to do something that will put you at risk are called “Phishing” attacks. These are incredibly common and sent out in bulk like spam. They are detected early on and rules can be made to block these kinds of malicious email messages.
Be sure that your spam and virus filter can block phishing email messages.
Malicious Links
Messages that do not include attachments often try to induce you to click on a link that can result in an infection of your computer.
Your spam and virus filter can (and should):
- Allow you to block links in email messages (coarse and annoying), or better:
- Scan the pages that the links go to and block ones that go to malicious pages, or best:
- Scan the pages that the links go to when you click them and block the page if it is malicious at that time.
Option #3 is best … as the most advanced criminals send the messages with links that point to normal benign pages. Then, after the messages have been successfully scanned and delivered, they update those pages to include malware. If your AV scanner can check the page when you actually click on the link, you are under the best level of protection (beyond not clicking).
Malicious HTML
Other types of email messages actually include “HTML”, images, JavaScript, and other technologies that are commonly used to make messages “look nice” and be somewhat interactive. Various flaws in email programs, browsers, and other things can make it possible for criminals to attack you through the mere act of viewing your email message.
Beyond just “viewing all messages as plain text” you can still view these nicely formatted email messages and be safe if your spam and virus filtering can automatically strip potentially malicious HTML from your email messages … e.g. remove things such as JavaScript, iFrames, Flash, etc. that are not normally needed or used in email and which could put you at risk.
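One way such stripping can work, shown as an added Python example rather than any vendor's actual filter: it keeps an allow-list of formatting tags, which goes a step further than removing named items and so also drops JavaScript, iFrames and plug-in objects. The tag lists, the URL scheme list and the sample body are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this sketch: keep plain formatting tags, drop everything else.
ALLOWED_TAGS = {"a", "b", "br", "div", "em", "i", "img", "li", "ol", "p", "span", "ul"}
URL_ATTR = {"a": "href", "img": "src"}   # the only attribute kept on each tag
VOID_TAGS = {"br", "img"}                # tags that get no closing tag
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "applet"}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}

def has_safe_scheme(url):
    try:
        return urlsplit(url.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:                   # malformed URL: treat as unsafe
        return False

class MailHtmlFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0      # skip > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = "".join(f' {n}="{escape(v)}"' for n, v in attrs
                           if n == URL_ATTR.get(tag) and v and has_safe_scheme(v))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def strip_active_content(html_body):
    parser = MailHtmlFilter()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p onclick="track()">Hello <b>there</b></p><script>run()</script>'
          '<iframe src="https://example.com/x"></iframe><a href="javascript:run()">one</a> '
          '<a href="https://example.com/news">two</a><img src="https://example.com/logo.png">')
```

An unclosed `<iframe>` or `<object>` makes this filter drop the rest of the body, so malformed markup fails closed rather than open.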
DKIM and SPF
As the majority of malicious email uses forged email addresses as the senders (e.g. pretending to come from your friend or co-worker), your spam filter must support using these technologies to help detect if a message is fraudulent or not.
Does your current spam and virus solution protect you on all of these fronts? Is it updated in near-real time? Does it filter messages before they arrive on your computer?
If the answer is no to any of these questions, it may be time to re-evaluate your filtering solution and get a better one.