Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    The popularity and credibility of CNN is again being abused by malware authors. We have received reports of spammed messages that purport to come from the popular news network.

    But this time, instead of fake news, the mail contains a clickable image that redirects users to an Online Canadian Pharmacy that offers different sexual enhancement drugs such as Viagra, Cialis, Phentrimine, Soma, VPXL, Levitra, etc.

    Below is the screenshot of sample emails, followed by a screenshot of the Canadian Pharmacy website:

    Advanced Threats Researcher Joey Costoya commented that the CNN spam is so frequently used, and that it serves almost as a template for spam runs. The only thing that differs, he says, is the spam links that are placed for the users to click on. This spam run is also somewhat a tamer follow-up to all the previous spam runs that ended with malware downloads:

    Also, this scenario of sexual enhancement drugs-related spam following malware-related spam runs denotes a “testing technique” spammers are using. It is possible that the malware-related spam runs are used to, first, test the viability of the propagation, and second, to turn infected machines into spam bots that will churn out spam for the next runs.

    This technique was previously seen used on ImageShack-hosted SWF files, where a malware-related spam run was first seen, and followed by another spam run using the same technique, but this time endorsing sexual enhancement drugs.

    This spam is already blocked by the Trend Micro Smart Protection Network. Other users are advised to ignore similar messages that arrive in their inboxes.

    Update as of 23 October:

    Using this same social engineering technique, spammers are also using CBS in the email messages they are mass mailing. These fake CBS messages share a very similar characteristic with those from the CNN run: instead of links, spammers embedded clickable images in the message body. When clicked, these images lead users to the same Canadian Pharmacy website.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice