Another malware attack is circulating in the wild today, especially through email. It arrives via bogus email which claims to be from CNN news. The email purports to contain news about Israel’s bombardment of Gaza. It also contains a link of the graphic video of Al Jazeera English Report about the news. The subject and the sender’s name varies with each mail.
Figure 1. Sender: “CNN World News”
Figure 2. Sender: “Media News”
When the victim clicks on the link, it will open a fake CNN webpage:
Figure 3. Authentic-looking but very fake CNN video page
If the victim clicks on the video “click to play” icon, an error message pops up:
Figure 4. A familiar cybercriminal ploy: to play the video, download a file
By clicking this, it will download the malicious file Adobe_Player10.exe.
Figure 5. The file is a certain Adobe_Player10.exe.
TROJ_INJECT.ZZ is an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX.
Aside from all malicious files being detected, such malware-bringing spam messages are already blocked through the Trend Micro Smart Protection Network.