
Contributed by: Aurelija Skurvydaite
Date: January 12, 2009

Warning! Trojan Being Spread Via Fake Gaza Conflict Email Messages

 

Spammers and other cyber criminals have always been interested in current events and breaking news. But that does not necessarily mean that they are interested in everything that's going on in the world. The most important, and most probably the only, reason they get involved in important issues is their wish to trick as many potential victims as possible. This time cyber criminals are spreading new malware via emails claiming to be related to the Israel-Hamas conflict in Gaza. This large-scale spam attack is masquerading as CNN.com news notifications about the Israeli invasion of Gaza.

Security researchers from RSA's FraudAction Research Lab were the first to discover the social engineering scam, which features recent news and images, as well as CNN graphics and fonts. Spammers in this case are sending emails that purport to contain news about Israel's bombardment of Gaza. The email also contains a link to a graphic video of an Al Jazeera English report related to the present situation. The subject and the sender of the email may vary from message to message.

Below you can see a screenshot of a sample email belonging to this campaign:

[Screenshot: gazaspam.jpg]

As soon as the potential victim clicks on the provided link, he or she is taken to an authentic-looking but fake CNN webpage. The middle of the page contains a still image of a supposed video news story about the conflict in Gaza. If the victim clicks on the video's "click to play" icon, an error message appears, asking them to install Adobe Flash Player 10 in order to play the video. A link is provided for this purpose.

However, clicking the link that should download the new Flash Player immediately downloads the malicious file Adobe_Player10.exe instead. Below you can find a screenshot of the fake CNN website:

[Screenshot: CNN_spam.png]

The downloaded file is actually a Trojan "SSL stealer" that seeks to capture financial and personal information. It logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs.

Security experts from RSA's FraudAction Research Lab note that this particular Trojan is neither new nor a newly advanced piece of crimeware. What is new is the socially engineered application of this Trojan, which exploits users concerned about the recent events in Gaza.

Once more, everybody is warned to treat with suspicion any unsolicited emails and the links that recipients are prompted to follow. The best solution in this situation would be to delete any similar emails even without reading them. If you think that a received email is not part of a spam campaign, you must be 100% sure of its legitimacy before clicking on any of the provided links or opening attached files. Of course, you should also not forget to keep anti-spam filters and anti-virus software up to date.
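
Administrators can also look for the download step described above in web proxy logs: an executable named like an Adobe or Flash installer that is served by a host outside Adobe's own domain. The following Python is an added example, not part of the original article or of RSA's analysis; the log format, the sample host names and the single-entry allowlist of adobe.com are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts allowed to serve Adobe-branded installers on this network.
VENDOR_DOMAINS = ("adobe.com",)
EXEC_RE = re.compile(r"\.(exe|scr|msi)$", re.I)   # Windows executables
BRAND_RE = re.compile(r"adobe|flash", re.I)       # name claims to be the player


def host_is_vendor(host):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def is_fake_player_download(url):
    """Executable named like an Adobe/Flash installer, served by a non-vendor host."""
    parts = urlsplit(url)
    name = unquote(parts.path).rsplit("/", 1)[-1]
    if not (EXEC_RE.search(name) and BRAND_RE.search(name)):
        return False
    return not host_is_vendor(parts.hostname or "")


def scan_proxy_log(lines):
    """Return (client, url) for flagged GETs.

    Constructed log format: '<time> <client_ip> <method> <url> <status>'.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "GET" and is_fake_player_download(fields[3]):
            hits.append((fields[1], fields[3]))
    return hits


# Constructed sample lines; hosts, paths and addresses are made up.
SAMPLE_LOG = [
    "2009-01-12T09:14:02Z 10.0.0.21 GET http://video-news.example.test/gaza/Adobe_Player10.exe 200",
    "2009-01-12T09:15:40Z 10.0.0.22 GET http://download.adobe.com/pub/install_flash_player.exe 200",
    "2009-01-12T09:16:11Z 10.0.0.23 GET http://adobe.com.update.example.test/Adobe_Player10.exe 200",
    "2009-01-12T09:17:05Z 10.0.0.24 GET http://tools.example.test/setup.exe 200",
    "malformed line",
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print(f"ALERT client={client} fetched look-alike installer: {url}")
```

The host check compares whole domain labels, so a look-alike such as `adobe.com.update.example.test` is still flagged even though it begins with the vendor's name.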
