Paying attention to detail may not have been these spammers’ best skill.
Trend Micro Advanced Threats Analyst Joey Costoya reports this latest find:
Figure 1. Spammed email boasting breaking news.
If you were to click on any links here, however, you’d be quite surprised – because instead of ending up at MSNBC, you’d end up at CNN. This is what it looks like:
Figure 2. Fake CNN site
Figure 3. Download prompt wants user to Run or Save adobe_flash.exe.
So what’s going on here? The truth is, of course, you’re at neither site. This video page asks you to download adobe_flash.exe – which has nothing to do with Adobe, and is instead detected as TROJ_AGENT.KBE. Have we seen this before? You bet. Twice, in fact.
How did we get this unusual phishing/spamming scam with a split identity? “(The spammers) forgot to update their HTML template,” Joey Costoya says. Somewhere in the world, there are probably some malicious hackers saying, “Oops.”
While the Smart Protection Network will protect Trend Micro users, everyone should still be careful about both unsolicited email and links in those messages. That’s especially true for sites that, even at first glance, aren’t what they say they are. Like this one.
Additional information provided by Fraud Analyst Mary Ermitaño.