More Than a Health Virus – How the Coronavirus Is Infecting Your Computer Networks with Malware

The coronavirus, now officially known as “Covid-19,” is a breaking news topic right now – and the news is pretty scary:

• The death toll has exceeded that of SARS in just a few short weeks, and hospitals in Wuhan, ground zero for the virus, are overwhelmed
• Doctors are dying from the infection, including the doctor who discovered it
• Most of the world’s masks and protective gear are made in China, which means the rest of the world might run out of masks
• The coronavirus spreads quickly – and it may become our new normal

Reports like these are leaving a lot of people worried about coughing and fever and, since the first US infection was right here in Seattle, all of us in the city might be a little more scared of the coronavirus than the rest of the nation is.

Cybercriminals are taking advantage of our fears. 

Let’s talk about how malicious hackers have turned the coronavirus into a weapon they can use to infect your business networks. 

Coronavirus Malware Attacks

Unfortunately, quite a bit of the information about the coronavirus is disinformation, which has been leading to rampant xenophobia. That doesn’t make anything better. Ever. 

This disinformation has left Seattleites looking for accurate, trustworthy information about the virus – so when they receive what looks like educational content in emails from the CDC, they’re happy to learn more about how they can protect themselves and their businesses. 

Don’t click these emails. 

Why not? Because the cybersecurity experts at Kaspersky have identified 10 unique malware threats, including worms and Trojans, which are hidden in PDFs, mp4s, and docx files in those fraudulent emails. The files pretend to deliver helpful info such as virus protection instructions, current threat developments, and virus prevention techniques – and it’s a dirty trick. 

Coronavirus Phishing Attacks

As if malware weren’t down and dirty enough, horrible cybercriminals are also sending out phishing emails that pretend to be from the CDC.

 

In this screenshot from Kaspersky, you’ll see that this email is trying to get you to click on a link that looks like it leads to the CDC’s website. (If you receive the email and you hover over that link, you’ll see that it actually leads you somewhere else entirely.) 

Since the Seattle area, plus Vancouver, has been hit by a total of 5 coronavirus infections (as of 2/10/20), this email, which pretends to give you an updated list of infections and cases within our city, is an extremely effective phishing email for our area. 

If you click the link in the email, it will direct you to an Outlook login lookalike phishing page. If you see that, don’t enter your credentials. This email is not from the CDC, and there is no reason you should have to provide your login credentials to Outlook to receive a public health bulletin. 

Don’t click, don’t take the bait. Don’t give cybercriminals a backdoor into your business computer networks. 

The Bitcoin Phishing Email

By the way, there’s also a less convincing email going around, again pretending to be from the CDC, which requests Bitcoin donations to help fight the virus and fund vaccine research… but you should be able to spot that one as a scam from a mile away. 

After all, the Bitcoin email has so many red flags (including Bitcoin donations, for crying out loud) and contains the baffling sentence which begins: “This e-plate is for timely intervention due to holiday extension of our public Institute/ banks not working…”) 

Yeah, don’t fall for that one. 

How to Avoid the Infection

The Bitcoin email sure is a really obvious scam, but the malware and updated infection list emails aren’t quite so easy to identify. You certainly don’t want a coronavirus email to infect your computer networks, so make sure you teach your staff to watch for these red flags when opening their emails:

• The “from” address – the CDC sends from cdc.gov, so avoid emails from similar-looking addresses like cdc-gov.org or cdcgov.org. 
• The URL address – in the updated infections list email, the long-form URL link looks like it’s from cdc.gov, but remember to hover over the link to check the real address. As you’ll see, it’s not from the CDC at all. 
• EXE file extensions – the malware files may appear to be PDFs, mp4s, and docx files, but if you look carefully, you’ll see that they’re EXE files, which means they’re not what they appear to be. Don’t download them, and don’t open them. 
• Extra steps – the WHO has declared the coronavirus as a public health emergency, and neither they, nor the CDC, wants to block any useful information behind a login screen. You should never have to enter in login credentials, create an account, install a program, or take any other extra steps to access critical health data about the coronavirus. So, if you run into a login screen – raise your eyebrows and close the browser window. 

One last important note about the coronavirus: It is important to keep up to date with new developments about this virus, but make sure you get accurate information from safe sources. We recommend: 

• The CDC’s website (the real one, not a scammer version)
• Nature journal’s continuously updated site
• This real-time dashboard from John’s Hopkins University

Keep Your Computer Networks Healthy with Interplay

Worried that you or a staff member may already have become infected with malware, or that you’ve already been phished? It’s best to get help right away to protect your business computer networks and systems, so you can keep your business and data secure. 

Lucky enough that you haven’t clicked on a bad email yet? Phew!

In that case, you’ll probably want to make sure your computer networks stay healthy and free of malware. The best way to do that is to work with the experts at Interplay, one of Seattle’s longest-standing IT support companies, and one of the city’s only true managed IT services providers (MSPs). 

It’s easy to get in touch with the Interplay team – but if you’re not ready to contact us yet, we suggest you prevent a computer malware infection by conducting your own, in-depth, DIY Network Health Assessment, completely free. 

 

Start your Network Health Assessment with this handy checklist.