The IT security product company Sophos is warning about a malware attack that has been distributed posing as an email from CNN claiming to be breaking news about the US presidential election.
Emails with the subject line ‘CNN Breaking News – Mitt Romney Almost President’, are being spammed out to lure internet users into visiting a website hosting the notorious Blackhole exploit kit.
All of the links in the email, which pretends to come from CNN and contains CNN’s logo, direct to infected webpages, capable of infecting Windows computers by exploiting a variety of vulnerabilities.
The main story in the email is headlined “More than 60 percent of votes will be in favor of Mitt Romney”.
If the users’ machine is properly patched and protected against the exploits deployed by the Blackhole exploit kit, the attack presents what appears to be the official Adobe Flash Player download page – except it’s hosted on a virtual private server in Maryland, USA.
Without requiring any user interaction, the fake Adobe Flash download begins onto users’ computers. Running the fake update causes further malicious code – including a version of the Zeus (also known as ZBot) financially motivated malware – to be installed. As a result, users’s login credentials can be stolen by cybercriminals.
Cluley, senior technology consultant at Sophos, says: “With people around the world keeping tabs on the election race, it is unsurprising that many will click, without thinking, on links which promise to give them exclusive information about the campaigns – especially as they come from what claims to be a well-known US news source. Internet users need to take more care with what they’re clicking on and stick to visiting trusted websites directly, rather than relying on push technologies in email, Twitter and Facebook that may be scams in disguise.”
“It is essential that followers of the election race continue to stay aware of potential attacks, as this is unlikely to be the last. In the 2008 presidential election there was a surge in malicious activity that continued for several months even after President Obama was elected. Furthermore, as scams change and get more sophisticated – we haven’t seen the automatic fake Adobe download before, for example – internet users must ensure their security precautions are kept up to date, and they stay alert to the threat,” warned Cluley.
For more information on the CNN email scam, including images of the email and dangerous websites, visit Sophos’s Naked Security site at: http://nakedsecurity.sophos.com/2012/10/11/romney-president-cnn-alert
