Beware! Fake CNN Breaking News emails spread malware attack

CNNIf you receive an unsolicited email containing breaking news, apparently from an organisation like CNN, be on your guard.

It may be that online criminals are attempting to infect your computer.

In the latest wave of attacks, documented by cybercrime researcher Gary Warner, cybercriminals have spammed out emails pretending to be CNN Breaking News alerts.

Harrison Ford breaking news email

The content of the emails *does* match real news stories published on CNN (such as Harrison Ford discussing his new movie "Ender's Game" at Comic Con or the latest developments in the case of former National Security Agency contractor, Edward Snowden.)

Edward Snowden breaking news email

The emails may look convincing enough, but if you were to click on the links you would be taken to a malicious website harbouring an exploit kit.

Before you know it, reports Warner, multiple attempts will be made to compromise your computer using a variety of exploitable vulnerabilities - ultimately leading to a fake update for Adobe Flash.

Fake Adobe download

It may look like the real Adobe website - but it's not!

This malware attack is designed to install the Zeus (aka ZBot) banking malware onto victims' computers. Presently, VirusTotal is reporting detection by 11 of the 46 anti-malware products in its collection.

The malicious campaign is clearly related to the Royal Baby malware attack that was reported yesterday (indeed Warner gives another example of a fake CNN breaking news email which exploits that particular story), and is further proof that cybercriminals are quick to jump on the bandwagon of hot news.

There are some important lessons for all computer users to learn to better protect themselves from attacks like these:

  • Keep your anti-virus up-to-date, and ensure your operating systems and software are fully patched with the latest updates.
  • If there's a news story you're interested in, go to a legitimate news outlet for the latest information. Don't trust unsolicited emails.
  • Always make sure that you are downloading security updates to your software from the real site - if in doubt, check the URL carefully!

You may be clued-up about computer security, but it's possible that you have friends or loved ones who aren't. You can help make the internet a safer place by sharing advice and tips about how they can better protect the security of their computers.

Hat-tip: Gary Warner, "Royal Baby" & Other CNN spam leads to malware"

Tags: , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , ,

No comments yet.

Leave a Reply