Fake CNN Site From Phishing E-mail Serves Trojan

Outsmart Malicious Hackers


The latest Phishing E-mails going round are leveraging on people’s need to digest the latest information, in this case about the Israel-Hamas conflict.

They set up a fake CNN site which prompts you to upgrade your flash player to view the video, of course it’s not Flash but a Trojan targeting your sensitive financial information.

I don’t think anyone reading this site would fall for this, but it’s good to be aware of it so you can let others know.

A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering “graphic” video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an “SSL stealer” Trojan that captures financial and other sensitive information, RSA said in a blog.

The Trojan looks for encrypted communications between the computer and known financial institutions and when it sees data being sent it diverts it to a malicious third-party, said Sam Curry, vice president of product management and strategy at RSA.

It’s an interesting piece of malware, it seems to go after SSL communications and carries out some kind of man in the middle attack by redirecting the valuable SSL traffic to a malicious 3rd party website.

Not as simple as the usual crap which just infects the computer as a spam zombie or infests it with pop-up adverts for casinos and viagra.

The social-engineering attack is different in that the e-mail pretends to come from a media company and then tries to steal financial data, he said. “Normally when you get phished they send you an e-mail pretending to be from a bank or other financial institution,” he said.

RSA discovered the attack early on Wednesday and has worked with others to get the fake site shut down. At a peak on Thursday as many as 80,000 of the phishing e-mails were being sent out, according to Curry.

It seems to be reasonably wide spread, but not huge. It does pose some kind of a threat and I think organizations should perhaps send out some kind of memo about this as I’m sure there’s a lot of legitimate CNN Articles being forwarded around so this one might slip through and land someone in trouble.

As always – be vigilant!

Source: Cnet (Thanks Navin)

Posted in: Malware, Phishing, Spammers & Scammers

, ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


2 Responses to Fake CNN Site From Phishing E-mail Serves Trojan

  1. navin January 13, 2009 at 8:32 pm #

    cheers!! :)

  2. victor February 11, 2009 at 10:31 am #

    well i wanna know how this work any to help?