Have you recently received any news which goes, “Obama speech to urge ‘refocus’ on economy” via any unsolicited email, which seems to have been sent by CNN? If yes, then let’s hope you have not clicked any of the links embedded in the email. This feat is yet another of the ingenious attempts of cyber criminals to target their victims. Dubbed as Fake CNN Breaking News emails, such emails usually highlight a part of sensational news stories; presently they are based on topics related to Snowden, Harrison Ford, the Royal Baby, and the ‘’refocus’ speech given by Obama.
Each of these fake emails contains a link at the end prompting the reader to read the full story. These links were found to be nothing but a doorway straight to malware-infected websites. If a user clicks on these links, they would be taken to a website displaying a fake update of Adobe Flash. And if the user is tricked into clicking the update, then that will install the famous Trojan that goes by the name Zeus.
FYI – Zeus is a malware which is designed to steal its victim’s banking information. Once it infects the system, it stays hidden until the victim visits a site which usually requests for the user’s personal and/or banking information.
Sample email of the Fake CNN Breaking News on “Obama speech to urge ‘refocus’ on economy”
President Barack Obama is set to give what is billed as a major speech on the economy, setting the stage for an autumn budget battle with Congress.
He was expected to tout recent economic progress at Knox College, Illinois, without offering new policy proposals.
On Monday, the president said he hoped to ensure Washington “refocuses” on the most important issues for Americans.
Ahead of the president’s remarks, opposition Republicans argued the country needed action, not speeches.
“Continue reading the main story” (link that redirects the user to the infected website; link has been disabled)
Now, the technical part of the story:
1. Clicking this link will take you to a compromised domain link, let’s say –
:hxxp: //ekaterini.mainsys.gr/suggested/index.html [do not try to use this link, either by clicking it or copy pasting it to your browser.]
2. Notice the index.html; it loads two malicious java scripts:
– <script type=”text / javascript” src=”hxxp: // ftp.thermovite.de/kurile/teeniest.js”> </script>
– <script type=”text / javascript” src=”hxxp:// traditionlagoonresort.com/prodded/televised.js”></script>
Hosting or injecting such malicious JavaScript, allows hackers to silently redirect the victim’s browser to load content and malware from a remote server. This is known as “drive-by download”, and is deemed as a huge security threat for end users and organizations.
Our Advice:
1. If you want to know what’s going on with the Royal baby, Obama, Snowden, Batman, Superman, anyone, then visit the original website of your preferred news channel.
2. Always be suspicious of unsolicited emails, especially those that come from banks, news channels, and other trusted entities.
3. A no brainer – keep your system’s security software updated.
Online scammers will keep trying different techniques to target their victims. In order to stay ahead of them, educate yourself, your friends and family about all such internet threats, choose reliable security software, and inculcate safe online practices.
4 Comments
Thanks Rajib sir,
it’s Really such informative blog
thanks to sharing knowledge.
Thanks & Regards,
Manoj.
Thanks for sharing information.
Really gr8 and very helpful info on the new Malware.
Nice blog Rajib sir.
Thanks & Regards,
Hrushi Sonar
Very helpful info on the newly spreading Malware.
Nice informative blog Rajib sir.
Thanks & Regards,
Saurab Malviya.