Breaking news malware turns generic, exploits conflict in Georgia

In recent weeks we have seen malicious email campaigns posing as breaking news stories from the likes of CNN and MSNBC.

The latest campaigns still use eye-catching headlines but have the generic subject line of “Weekly top news” and don’t claim to come from a legitimate news organization. Is this a sign that the CNN/MSNBC disguises weren’t working well enough for the bad guys?

In the example below, the headline refers to the conflict between Russia and Georgia in South Ossetia, and specifically an incident from 10 August when journalists from Russian news station NTV and Turkish agency Kanal Turk found themselves under fire.

What should be clear from this example is that a story does not need to be false for the link associated with it to be malicious. The journalists did find themselves on the receiving end of gunfire.

Other examples seen in this malicious spam campaign have claimed to link to stories about “Madonna and Angelina Jolie in adoption war related lesbian romp!” (according to the email they are racing to adopt as much of Africa as possible – I have my suspicions that this story may not be true...), Microsoft planning to release details of Windows 7, and George Bush giving a pardon for tabloid favourite Lindsay Lohan.

Yesterday, the campaign had a slightly different disguise using the subject line “BREAKING news”, but otherwise followed the same pattern we have observed for some time now.

As always, don’t click on the links and ensure your desktop computers, email and web gateways are properly secured.