    Another malware attack is circulating in the wild today, mainly through email. It arrives via a bogus email that claims to be from CNN news. The email purports to contain news about Israel’s bombardment of Gaza. It also contains a link to a graphic video of an Al Jazeera English report about the news. The subject and the sender’s name vary with each mail.

    Figure 1. Sender: “CNN World News”

    Figure 2. Sender: “Media News”

    When the victim clicks the link, a fake CNN web page opens:

    Figure 3. Authentic-looking but very fake CNN video page

    If the victim clicks on the video “click to play” icon, an error message pops up:

    Figure 4. A familiar cybercriminal ploy: to play the video, download a file

    Clicking this downloads the malicious file Adobe_Player10.exe.

    Figure 5. The file is a certain Adobe_Player10.exe.

    Adobe_Player10.exe is detected by Trend Micro as TROJ_DLOADR.QK. Upon execution, TROJ_DLOADR.QK connects to another URL, which in turn is detected as TROJ_INJECT.ZZ.

    TROJ_INJECT.ZZ is an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX.

    Aside from all the malicious files being detected, these malware-bearing spam messages are already blocked through the Trend Micro Smart Protection Network.
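
The download step described above (a "player" executable served by the fake video page rather than by the vendor) can be hunted for in web proxy logs. The following is an added example, not part of the original post or any Trend Micro product; the log format, the brand-to-domain mapping and every host name are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand keywords seen in file names, and the domains allowed to serve them.
BRAND_DOMAINS = {"adobe": ("adobe.com",), "flash": ("adobe.com",)}
EXECUTABLE = re.compile(r"\.(exe|scr|msi)$", re.IGNORECASE)

# Constructed sample proxy log: "<client> <method> <url> <status> <referer>"
SAMPLE_LOG = """\
10.0.0.5 GET http://video-news.example/cnn/Adobe_Player10.exe 200 http://video-news.example/cnn/index.html
10.0.0.7 GET http://download.adobe.com/pub/install_flash_player.exe 200 -
10.0.0.9 GET http://video-news.example/cnn/index.html 200 -
10.0.0.9 GET http://files.example/tools/putty.exe 200 -
10.0.0.8 GET http://adobe.com.updates.example/FlashPlayer.EXE?id=3 200 http://adobe.com.updates.example/
"""

def host_matches(host, domain):
    # Exact match or true subdomain; "adobe.com.updates.example" must not pass.
    return host == domain or host.endswith("." + domain)

def check_line(line):
    """Return a finding dict for a brand-named executable served off-brand, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip malformed lines
    client, _method, url, status, referer = parts
    target = urlsplit(url)
    host = (target.hostname or "").lower()
    filename = target.path.rsplit("/", 1)[-1].lower()  # query string is excluded
    if status != "200" or not EXECUTABLE.search(filename):
        return None
    for brand, domains in BRAND_DOMAINS.items():
        if brand in filename and not any(host_matches(host, d) for d in domains):
            return {"client": client, "host": host,
                    "filename": filename, "referer": referer}
    return None

def scan(log_text):
    """Scan every log line and collect the findings in order."""
    return [hit for hit in map(check_line, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious download:", hit)
```

A hit identifies the client that fetched the file and the referring page, which gives responders the host to triage and the lure URL to block.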

    © Copyright 2013 Trend Micro Inc. All rights reserved.