The popularity and credibility of CNN is again being abused by malware authors. We have received reports of spammed messages that purport to come from the popular news network.
But this time, instead of fake news, the mail contains a clickable image that redirects users to an Online Canadian Pharmacy that offers different sexual enhancement drugs such as Viagra, Cialis, Phentrimine, Soma, VPXL, Levitra, etc.
Below is the screenshot of sample emails, followed by a screenshot of the Canadian Pharmacy website:
Advanced Threats Researcher Joey Costoya commented that the CNN spam is so frequently used, and that it serves almost as a template for spam runs. The only thing that differs, he says, is the spam links that are placed for the users to click on. This spam run is also somewhat a tamer follow-up to all the previous spam runs that ended with malware downloads:
- Another al Qaeda News Spam, Now on Video
- More Fake News, More Malicious CNN Spam
- New Trojan Bait: CNN Videos
- World War III Malware Spam
- Spam with an Identity Crisis
Also, this scenario of sexual enhancement drugs-related spam following malware-related spam runs denotes a “testing technique” spammers are using. It is possible that the malware-related spam runs are used to, first, test the viability of the propagation, and second, to turn infected machines into spam bots that will churn out spam for the next runs.
This technique was previously seen used on ImageShack-hosted SWF files, where a malware-related spam run was first seen, and followed by another spam run using the same technique, but this time endorsing sexual enhancement drugs.
This spam is already blocked by the Trend Micro Smart Protection Network. Other users are advised to ignore similar messages that arrive in their inboxes.
Update as of 23 October:
Using this same social engineering technique, spammers are also using CBS in the email messages they are mass mailing. These fake CBS messages share a very similar characteristic with those from the CNN run: instead of links, spammers embedded clickable images in the message body. When clicked, these images lead users to the same Canadian Pharmacy website.