Issue 151 - April, 2013 (1st Edition) - Page 18
Fake CNN Emails About Pope Point to Malwaree
Emails purporting to be CNN notifications suggest that recipients click a link to read CNN.com articles relating to the pope.
The emails are not from CNN and the links do not open genuine CNN articles. The links lead to compromised websites that harbour malware.
Subject: Opinion: Pope 'could be sued over child abuse'! Exclusive! - CNN.com
Please note, the sender's email address has not been verified.
You have received the following link from [removed]
Click the following to access the sent link:
Pope 'could be sued over child abuse'! Exclusive! - CNN.com*
Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.
*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here
According to these emails, which purport to be from US based news outlet CNN, uses can click a link to read breaking news stories pertaining to the pope. The messages include seemingly official CNN graphics and formatting. There are several versions of the message, all claiming to link to pope related news stories.
However, the emails are certainly not from CNN and the links to not open genuine news reports about the pope. In fact, the links lead to compromised websites
that harbour a version of the infamous Blackhole Exploit Kit
, a criminal web application that can exploit browser vulnerabilities to downlod and install trojans and other types of malware. Victims who fall for the ruse and click links in these messages may inadvertently install a variety of information stealing malware on their computers.
In some cases the scammers have used real news headlines about the pope taken from other sources in an apparent attempt to make the fake messages seem more plausible. During testing I found that some versions automatically redirect users to the genuine CNN website after the fake page has loaded and attempted to deliver its payload.
Criminals intent on distributing malware are generally quick to exploit significant news events such as the resignation of Pope Benedict and the subsequent appointment of Pope Francis. Be wary of opening links or attachments in unsolicited emails, even if they appear to come from a legitimate news source.
To help protect yourself from the Blackhole Exploit Kit and other types of attack ensure that your browser and operating system always have the latest security updates installed and use reliable anti-virus and anti-malware scanners
Last updated: March 20, 2013
First published: March 20, 2013
By Brett M. Christensen
Pages in this issue:
- Viral Facebook Message Falsely Claims that a Pictured Man is Posing as an RSPCA Officer and Stealing Dogs
- 'Bad Brit' - Nigel Farage and the Tory Party's Worst Nightmare
- Digital Pad ATM Skimming Device Warning
- UK National Lottery Scams
- Gun Owner Vehicle Tagging Hoax
- Carol's Story - Dating Scam
- Message Calls For Boycott of Starbucks For Its 'Attack on Traditional Marriage'
- Ransomware Warning
- Use Left Ear For Mobile Phone Hoax
- Bogus Warning - White Transit Van 'RH57 WSU' Trying To Steal Dogs
- Urban Legend - Couple Arrested at Airport with Dead Baby Stuffed With Drugs
- ACH Processing Service Malware Email
- Baby With Bong Protest Message
- Linda Singh - Blackberry Money for Forwarding Hoax
- Hoax - 'Punjab Rape Festival'
- Beware - 'Unsealed' Product Giveaways on Facebook
- DHL Notification Malware Email
- Fake CNN Emails About Pope Point to Malware
- Angolan Witch Spider - Giant Spider Hoax
- Bogus Health Warning - Scratch Card 'Silver Nitro Oxide' Coating Causes Skin Cancer
- March 2013 - Five Fridays, Five Saturdays, Five Sundays
- Australian Tax Refund Scam Email
- 'Confidential Document' Google Docs Phishing Scam