The Hacking Economy

Cybercriminals prey on Ebola fears to get inside your computer

Sabrina Korber

A piece of malware sent via email spam is masquerading as an informative message from the World Health Organization on how to protect yourself against Ebola, according to cybersecurity firm Trustwave.

The email, which Trustwave says is part of a spam campaign from cybercriminals with the goal of infecting your computer, looks like a legitimate email message from the WHO and encourages the recipient to open the attachment by purporting to offer Ebola virus safety tips.

Read More What Apple should do about cyberattacks

Several hundred organizations appear to have been targeted by the spam, according to Trustwave, but it's unclear how many computer users may have been fooled.

"It follows the standard, successful formula for most phishing campaigns," said Karl Sigler, threat intelligence manager at Trustwave, a sense of authority, urgency and curiosity, plus no typos.

The message isn't harmful unless the email's attachment is clicked and opened, which would automatically install malicious software to gather information like passwords and account credentials.

Read More These countries are the biggest cyberattack targets

One sample of the malware, tested by Trustwave, showed that not only does the malicious software capture keystrokes as you type (a process known as keylogging), it also executes unnerving actions like capturing images and sound from your computer's webcam and allowing someone to remotely control your computer.

We hire young kids to hack us: BlackRock CEO

"We've only seen one sample from this campaign so far. At this time we don't have reason to believe it is a widespread campaign," Trustwave said on its blog post.

The WHO, for its part, says it has not sent any similar emails to the public and often posts any scam alerts on its website.

Read More'Massive' switch to new credit cards ahead

"Our normal emails are news releases to journalists, or regular communications between our public health experts and other institutions," said Daniel Epstein, a WHO spokesman in Washington. He said the WHO would also never send such messages to the general public.

Fortunately, this particular piece of malware can be caught by most antivirus solutions on the market today, according to Sigler, so protecting your computer can be as simple as keeping your anti-virus software up to date. Businesses should already have the latest technology in place to detect and block the spam attack in real time.