Cybercriminals have inevitably taken advantage of the publicization of the Ebola virus in the news for several months. We’ve spotted a couple of malicious spam samples that reference the Ebola virus in the last week. The image below shows an example of one such e-mail purporting to be from the World Health Organization. The attached file poses as a document about Ebola virus safety tips.
Upon closer inspection, the RAR compressed file attachment is not a document file but an executable file of a DarkComet Remote Access Trojan (RAT). This Trojan makes use of its heavily obfuscated AutoIt-based script to run undetected by antivirus software.