Mitt Romney news alert is lure to malware: Sophos

CNN-branded email used to blindside Windows users with Blackhole exploits

Security company Sophos today warned that an email posing as a CNN news alert about the US presidential election is actually an attempt to lure recipients to a website hosting the Blackhole malware suite.

The emails, carrying the subject line “CNN Breaking News – Mitt Romney Almost President” and a headline that reads “More than 60% of votes will be in favor of Mitt Romney”, bear the CNN brand and contain links to infected Web pages that exploit vulnerabilities in the Windows operating system.

If the targeted machine is protected against Blackhole exploits, users are presented with what appears to be the official Adobe Flash Player download page but is actually another infected site hosted on a virtual private server in Maryland, USA, according to Sophos. The fake update installs other malicious code, including a version of Zeus called “Zbot”, which is part of the Blackhole suite and allows the theft of login credentials.

“With people around the world keeping tabs on the election race, it is unsurprising that many will click, without thinking, on links which promise to give them exclusive information about the campaigns, especially as they come from what claims to be a well-known US news source,” said Graham Cluley, senior technology consultant at Sophos.

“Internet users need to take more care with what they’re clicking on and stick to visiting trusted websites directly, rather than relying on push technologies in email, Twitter and Facebook that may be scams in disguise.

“It is essential that followers of the election race continue to stay aware of potential attacks, as this is unlikely to be the last. In the 2008 presidential election there was a surge in malicious activity that continued for several months even after President Obama was elected. Furthermore, as scams change and get more sophisticated – we haven’t seen the automatic fake Adobe download before, for example – internet users must ensure their security precautions are kept up to date, and they stay alert to the threat.”