Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



Fake CNN Emails About Pope Point to Malware

Outline
Emails purporting to be CNN notifications suggest that recipients click a link to read CNN.com articles relating to the pope.

Fake CNN Pope Stories Carry Malware

Depositphotos.com/michaeldb



Brief Analysis
The emails are not from CNN and the links do not open genuine CNN articles. The links lead to compromised websites that harbour malware.

Bookmark and Share
Example

Subject: Opinion: Pope 'could be sued over child abuse'! Exclusive! - CNN.com

Please note, the sender's email address has not been verified.
You have received the following link from [removed]

Click the following to access the sent link:

Pope 'could be sued over child abuse'! Exclusive! - CNN.com*

Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.


*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here


Fake CNN Pope Reporst Lead to Malware


Detailed Analysis
According to these emails, which purport to be from US based news outlet CNN, uses can click a link to read breaking news stories pertaining to the pope. The messages include seemingly official CNN graphics and formatting. There are several versions of the message, all claiming to link to pope related news stories.



However, the emails are certainly not from CNN and the links to not open genuine news reports about the pope. In fact, the links lead to compromised websites that harbour a version of the infamous Blackhole Exploit Kit, a criminal web application that can exploit browser vulnerabilities to downlod and install trojans and other types of malware. Victims who fall for the ruse and click links in these messages may inadvertently install a variety of information stealing malware on their computers.

In some cases the scammers have used real news headlines about the pope taken from other sources in an apparent attempt to make the fake messages seem more plausible. During testing I found that some versions automatically redirect users to the genuine CNN website after the fake page has loaded and attempted to deliver its payload.

Criminals intent on distributing malware are generally quick to exploit significant news events such as the resignation of Pope Benedict and the subsequent appointment of Pope Francis. Be wary of opening links or attachments in unsolicited emails, even if they appear to come from a legitimate news source.

To help protect yourself from the Blackhole Exploit Kit and other types of attack ensure that your browser and operating system always have the latest security updates installed and use reliable anti-virus and anti-malware scanners

Bookmark and Share

Last updated: March 20, 2013
First published: March 20, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Spammers Bless New Pope with Spam
Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs