New Phishing Attacks: Fake CNN Email About Israel-Hamas Conflict Hides Trojans

Fake CNN email related to Israel-Gaza conflict leads you to a cnn.com phishing site that downloads trojans. An email has been discovered that appears to have come from CNN News that seems to contain news about Israel's bombardment of Gaza. Within the body of the email is supposed to be a link to a graphic video of Al Jazeera English Report related to the news. As you can probably guess, the link does not go to an actual video but goes to a phishing site that looks like a CNN web page. On the page is a "click to play" icon where an error message popups up if it is clicked on. The message asks that you "Please Download correct Flash Movie Player!". As we know from old CNN.com malspam attacks, a message like this will result in the download of a fake Flash player file which contains malware. The file was identified as "Adobe_Player10.exe".

The Adobe_Player10.exe file was detected by security researchers as TROJ_DLOADR.QK which is a Trojan that has the ability to connect to another URL which may be detected as TROJ_INJECT.ZZ.

The second trojan infection, TROJ_INJECT.ZZ, is an information stealer that may log keystrokes that launches a sniffer to gain your passwords that you may enter. In addition to the second Trojan, a rootkit was discovered to be dropped which is identified as TROJ_ROOTKIT.FX.

Security researchers are currently warning online users of this serious threat as they suspect thousands of these fake CNN News phishing emails have been sent out. Below are images from Trendmicro of the fake CNN News email messages and the phishing website.

Hackers do a good job with making phishing sites look like the real thing. Do you think the image above of the CNN.com/world web page would fool you? Would you think that it is a real CNN.com web page?