CNN Video malware campaign

Since yesterday we have started seeing a malware campaign purported to be coming from legit CNN networks, with a subject line reading “ Daily Top 10”.

This is especially harmful for those who actually subscribe to CNN breaking news service, because to the unsuspecting eyes everything looks normal, as if it really came from the CNN service. But once a link in the email is clicked, it redirects you to a compromised website asking you to update the embedded flash player, which turns out to be Mal/EncPK-DA trojan. Sophos customers can rest assured that this campaign is now blocked both on the virus side and the spam side.

CNN Video Malware Campaign

More information: Graham Cluley has posted on his blog a video demonstrating how the email campaign leads unsuspecting users to a malware infection.