Another malware attack is circulating in the wild today, especially through email. It arrives via  bogus email which claims to be from CNN news. The email purports to contain news about Israel’s bombardment of Gaza. It also contains a link of the graphic video of Al Jazeera English Report about the news. The subject and the sender’s name varies with each mail.

Figure 1. Sender: “CNN World News”

Figure 2. Sender: “Media News”

When the victim clicks on the link, it will open a fake CNN webpage:

Figure 3. Authentic-looking but very fake CNN video page

If the victim clicks on the video “click to play” icon, an error message pops up:

Figure 4. A familiar cybercriminal ploy: to play the video, download a file

By clicking this, it will download the malicious file Adobe_Player10.exe.

Figure 5. The file is a certain Adobe_Player10.exe.

Adobe_Player10.exe is detected by Trend Micro as TROJ_DLOADR.QK. Upon execution, TROJ_DLOADR.QK connects to another URL, which on the other hand, is detected as TROJ_INJECT.ZZ.

TROJ_INJECT.ZZ is an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX.

Aside from all malicious files being detected, such malware-bringing spam messages are already blocked through the Trend Micro Smart Protection Network.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!