Presidential election spurs malware-laden CNN spam

Share this article:

Spammers taking advantage of the presidential election buzz are delivering the banking trojan Zeus to users who fall for email ploys purporting to come from CNN.

Users, primarily in the United States and Canada, have been infected by the phishing campaign, where emails that look to be CNN news articles about the election link to malicious URLs hosting the BlackHole exploit code.

Security firm Trend Micro published a blog post Thursday about the Zeus variant, dubbed “Tspy_Zbot,” which deletes the initial executed copy of itself and monitors user activities to seize login credentials used for online banking.

Jamz Yaneza, threat research manager at Trend Micro, told SCMagazine.com on Friday that it's nothing new for attackers to leverage popular news to spread malware. What's unique in this case is the new variant of Zeus.

“We keep seeing this every time there's any kind of major event that is going on – in this case being a political election,” Yaneza said. “The bad guys always seem to use a new variant that will target victims through email. They are using the BlackHole spam phishing kit to make these emails or subject lines more humanized or professional.”

Yaneza said users often have no idea they have clicked a malicious link, as redirection to a malicious URL occurs in the background.

Security firm Websense also detected the phishing campaign and published a blog post Wednesday on the findings.

"Specifically, we have detected thousands of emails with this kind of content," the blog post said of phish emails that read "CNN Breaking News" in the subject line. "We are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages."

Share this article:

Sign up to our newsletters

More in News

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.