Presidential election spurs malware-laden CNN spam

Share this article:

Spammers taking advantage of the presidential election buzz are delivering the banking trojan Zeus to users who fall for email ploys purporting to come from CNN.

Users, primarily in the United States and Canada, have been infected by the phishing campaign, where emails that look to be CNN news articles about the election link to malicious URLs hosting the BlackHole exploit code.

Security firm Trend Micro published a blog post Thursday about the Zeus variant, dubbed “Tspy_Zbot,” which deletes the initial executed copy of itself and monitors user activities to seize login credentials used for online banking.

Jamz Yaneza, threat research manager at Trend Micro, told SCMagazine.com on Friday that it's nothing new for attackers to leverage popular news to spread malware. What's unique in this case is the new variant of Zeus.

“We keep seeing this every time there's any kind of major event that is going on – in this case being a political election,” Yaneza said. “The bad guys always seem to use a new variant that will target victims through email. They are using the BlackHole spam phishing kit to make these emails or subject lines more humanized or professional.”

Yaneza said users often have no idea they have clicked a malicious link, as redirection to a malicious URL occurs in the background.

Security firm Websense also detected the phishing campaign and published a blog post Wednesday on the findings.

"Specifically, we have detected thousands of emails with this kind of content," the blog post said of phish emails that read "CNN Breaking News" in the subject line. "We are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages."

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.