OFFICIAL SECURITY BLOG

Cyber-criminals Use Cancer to Deliver Malware

March 13, 2014 | BY

Well, not literally, although that would make a frightening read.

Nonetheless, the folks at Softpedia reported on a spam campaign instilling fears of cancer to users via email.

The email features the UK’s National Institute for Health and Care Excellence (NICE) as the proposed sender.

Once a victim opens the email, they ‘re informed of their recent test results, which may indicate signs of cancer.

"We have been sent a sample of your blood analysis for further research. During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer. We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible."

(Image: Softpedia)

The attachment, which claims to be the victim’s test result, has a double file extension; the two files currently known to be distributed appear to be variants of the Fareit Trojan, capable of stealing passwords and DoS attacks.

Malwarebytes detects both of the files as Spyware.ZeuS.GO.

NICE has been made aware of the situation, and  are conducting an investigation to determine the origin of the emails.

NICE is aware that a spam email is being sent to members of the public regarding cancer test results. Please be assured that this email is not from NICE and we are currently investigating its origin.I guess the only question now is: what will they think of next?

_________________________________________________________________
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell