Internet criminals have come up with a new way of distributing malware through email campaigns, they send breaking news emails from some popular news site likes CNN and the BBC. The emails are piggybacking on popular news or current affairs. The email links take victims to malicious websites containing malware.
Detailed Analysis of Emails claiming to be from CNN News or BBC News:
Emails purporting to be CNN notifications suggest the victim to click on a link to read the breaking news stories pertaining to the pope.
These emails are not sent from CNN, and also links don’t open any CNN news articles.
The messages include seemingly official CNN graphics and formatting. However do not click on the link, because if you do so, you will infect your computer with a Trojan horse.
The email says: Click the Following to access the sent link:
Pope ‘could be sued over child abuse claims’ Exclusive! – CNN.com
Any news story involving the new Pope Francis, as head of the Catholic Church, is bound to grab headlines, especially if it is scandalous.
Omniquad Security Research Labs found that the endpoint URL contains a criminal toolkit known as the BlackHole Exploit Kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing Trojans and other types of malicious software into victim computer. Victims who fall for the ruse and click links in these messages may inadvertently install a variety of information stealing malware on their computers.
During our research, we found that some versions automatically redirects victim to the genuine CNN website once the fake webpage has been loaded and attempted to deliver its payload.
Here are some of the other email subjects that claim to be from the BBC.
BBC-Email: USA government decided to follow Cyprus and rise deposit taxes!!!
BBC-Email: Cyprus already confirmed one time tax withdrawal TODAY!
BBC-Email: Cyprus Bank-Levy Passage in Doubt as EU Shows Aggression
BBC-Email: Cyprus banks shut extended to Monday
BBC-Email: Cyprus can amend bailout terms
BBC-Email: Cyprus decided to rise bank tax up to 15% for Corporate sector
BBC-Email: Cyprus effect on stocks likely long-term
BBC-Email: Cyprus government today accepted one time bank tax withdrawal but higher than expected
BBC-Email: Cyprus races to rework savings tax after closing banks till Thursday
BBC-Email: Cyprus rises tax value and confirmed one time withdrawal!
These are all very topical subject lines referring directly to current events.
If an email contains a link and you’re unsure whether it’s legitimate, hover over it with your mouse to see what address it directs you to. Also look out for confusing Alt Tags which may take your attention away from the bottom left corner when you hover with the mouse on the link. Even if the Alt Tag should say “BBC News” or “CNN”, unless the domain referred bottom left is also CNN or BBC, don’t click!
Be alert for clicking /opening links or attachments in unsolicited emails, even if they appear to come from a legitimate organization.
Omniquads Mailwall Remote cloud email filtering solution stops emails such as these for our clients. Our cloud web filtering solution Surfwall Remote blocks malicious links containing malware.
How to Protect yourself from email frauds.
- Never click on Hyperlinks within emails, instead, copy and paste them into your browser.
- Do not open any file attached to the email.
- Always look for “https://” and padlock on web sites that require personal information.
- If you didn’t initiate a transaction to which an email is referring, it’s probably a scam.
- Never respond to spam / suspicious email or emails from unknown senders.
- Do not supply your personal / Bank account information to strangers, they are most likely scammers.
- Use spam filtering software.
– The Omniquad Security Team