Download our in-depth report: The Ultimate Guide to IT Security Vendors
In a particularly cynical move, spammers are sending out e-mails purporting to be about the fighting in Gaza, which has drawn international attention because of the hundreds of civilian casualties.
The spams, which appear to be news items from CNN, contain news about the fighting and a link to a fake CNN news site. Recipients who click on the link see a pop-up message urging them to install an upgrade to Adobe Flash Player 10.
Those who try to download the Flash upgrade get an SSL stealing Trojan installed in their computer that can penetrate secure Web sites.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iIn a blogpost, CNN.com executive producer Rena Golden warned that the message is fraudulent and did not come from CNN. She urged readers to delete it from their mailboxes.
The domains associated with the attack were hosted by a registrar in China, according to Sean Brady, product marketing manager at security vendor RSA's IAAG Group.
However, that may not be the end of these attacks, as the spammers can register domains elsewhere and continue their attacks.
Security vendor AppRiver told InternetNews.com that subject lines used include Gaza Groups Report on War, Israel Assaults Hamas In Gaza, Support Israel's Fight and Reminders of War in Gaza CNN.
Security vendor AppRiver told InternetNews.com that subject lines used include Gaza Groups Report on War, Israel Assaults Hamas In Gaza, Support Israel's Fight and Reminders of War in Gaza - CNN.
Purported senders include CNN Gaza Crisis News, CNN Media Center, CNN News, CNN News and Events, and CNN News Releases.
According to RSA's blog, the gang behind this Trojan is known and has a history of similar attacks.
This is not the first time spammers have leveraged CNN - during the Beijing Olympics last year, spammers sent out fake CNN news reports with Olympics-related headlines. In those attacks, too, they had a link urging an Adobe Flash update.