The recent unrest in the Middle East has become fodder for spammers looking to entice unknowing victims into downloading nasty malware. As we’ve seen in previous outbreaks, spammers use current events (e.g., the financial crisis, elections, major international events) to entice recipients. By masking a message’s origin and tricking users into believing it comes from a legitimate source, spammers improve their chances of successfully distributing malware.
As seen below, the recent outbreak appears to be sent from CNN with subject lines such as “israel’s war on hamas: a dozen thoughts,” “hamas goads israel into war,” “israel vows war on hamas in gaza” and “hamas launching rocket war after gaza evacuation.” The actual link, however, is not from CNN: it begins with what appears to be the legitimate “edition.cnn,” but the domain that follows is the one hosting the hoax site.
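An added example, not part of the original post: a check that a mail filter or analyst could apply to the link pattern described above, where the hostname starts with “edition.cnn” but ends in someone else’s domain. The trusted domain `cnn.com`, the function names and the sample URLs (on reserved `.example` names) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "cnn.com"  # assumption: the domain the message claims to come from
BRAND_LABEL = "cnn"         # assumption: the label a lookalike host borrows


def host_of(url):
    """Return the lowercase hostname without port, userinfo or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def classify_link(url, trusted=TRUSTED_DOMAIN, brand=BRAND_LABEL):
    """Classify a link as 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    host = host_of(url)
    if not host:
        return "unparseable"
    # Genuine only when the trusted domain is the END of the hostname,
    # matched on a label boundary ("notcnn.com" must not pass).
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # The brand shows up as a label (or a hyphenated part of one), but the
    # rightmost labels, which decide who controls the host, are not ours.
    if any(brand in label.split("-") for label in host.split(".")):
        return "lookalike"
    return "unrelated"


def lookalike_links(urls):
    """Return the links that borrow the brand without being under the trusted domain."""
    return [u for u in urls if classify_link(u) == "lookalike"]


# Constructed sample links; the .example hosts are placeholders, not real indicators.
SAMPLE_LINKS = [
    "http://edition.cnn.com/2009/WORLD/index.html",
    "http://edition.cnn.com.video-update.example/watch",
    "http://edition.cnn-live.example/watch",
    "http://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

The decision rests on the right-hand end of the hostname; a familiar name on the left says nothing about who operates the site.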
Victims of the scam believe they are receiving legitimate news covering the war, and are taken to a Web site that closely resembles CNN. When they attempt to click on the link to watch the video, they get pulled into a complicated web of download screens prompting them to update their Adobe Acrobat or Flash player software. The only way to get out of the loop is to end the browsing session. If a user accidentally accepts the download, they actually install a Trojan which opens communication for the download of further malware from a remote location.
Adobe is well aware of the problem and has seen numerous attacks which exploit their name and trick people into downloading malware. Last summer, a similar outbreak claiming to originate from CNN was distributed. On the Adobe security blog, a post dated August 4, 2008 warns users not to download software claiming to be Adobe unless it is done directly from the Adobe download site.
CNN has also become aware of the scam. Like Twitter’s proactive approach, CNN’s “Behind the Scenes” blog proactively warns CNN readers not to download any software pertaining to the Gaza conflict.