Threat analyst Juan Pablo Castro reports of spam announcing the declaration of World War III.
Figure 1. Sample spam that warns of World War 3
Figure 2. Another sample spam that warns of World War 3
The link provided points to a legitimate-looking CNN page with a video. However, users wishing to view this video are prompted to install an ActiveX Object:
Figure 3. Missing ActiveX object is actually a spyware
Note that CNN’s real URL is http://www.cnn.com.
The supposed ActiveX Object is actually malware, which Trend Micro detects as TSPY_BANCOS.JN. TSPY_BANCOS.JN, like all BANCOS variants, is an info stealer that monitors the browser of the affected system. It waits for the user to access certain banking-related Web sites, then spoofs the login pages of the bank Web site to steal sensitive account information.
The request to install an ActiveX Object is a popular ploy to spread malware these days, and this bogus ActiveX Object is yet another one designed to deceive the user to believe that he’s installing something useful.
Then again, use of sensational headlines is nothing new, and spammers are constantly churning their creative juices to invent the most inviting email subjects. Though Trend Micro products already block the malicious URL, the spam and the related malware through Smart Protection Network, users are advised to do the following for the next spam that finds it way to their inboxes:
Never reply. Never click. Never believe.