Pope sued over sexual abuse and not wearing seatbelt? Fake CNN and BBC news alerts spread malware

Filed Under: Featured, Malware, Spam, Vulnerability

Don't believe everything you read - because if you do, cybercriminals are going to take advantage of your gullibility and infect your computer with a Trojan horse.

Malware campaigns spammed out in the last 24 hours have pretended to be breaking news stories from the likes of CNN and the BBC.

Here are some examples, claiming to be a breaking news alert from CNN, which have focused on arresting news stories around the new Pope.

Some of the messages are quite farcical:

Fake CNN message

Subject: Opinion: New Pope Sued For Not Wearing Seat Belt In Popemobile ... - CNN.com

While others are clearly much more serious:

Another fake CNN message

Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! ... - CNN.com

Either way, you can probably understand why some computer users might be tempted to click on the links without thinking.

Meanwhile, more recent version of the malware attack have been spammed out pretending to be from the BBC:

  • BBC-Email: Bank of America happy of Cyprus Central Bank Warns of Capital Flight
  • BBC-Email: Cyprus 'Bank Raid' by Euro Banks
  • BBC-Email: Cyprus already confirmed one time tax withdrawal TODAY!
  • BBC-Email: Cyprus Bank-Levy Passage in Doubt as EU Shows Aggression
  • BBC-Email: Cyprus banks shut extended to Monday
  • BBC-Email: Cyprus can amend bailout terms
  • BBC-Email: Cyprus decided to rise bank tax up to 15% for Corporate sector
  • BBC-Email: Cyprus effect on stocks likely long-term
  • BBC-Email: Cyprus government today accepted one time bank tax withdrawal but higher than expected
  • BBC-Email: Cyprus races to rework savings tax after closing banks till Thursday
  • BBC-Email: Cyprus rises tax value and confirmed one time withdrawal!
  • BBC-Email: EU wants rise of Cyprus bank levy
  • BBC-Email: Several countries' deposits may be excluded from Cyprus Bank Tax, Why? We got a draft.
  • BBC-Email: The Cyprus eurozone bailout conditions are bank robbery, 15%!!!
  • BBC-Email: US banks hurt by Cyprus news
  • BBC-Email: USA government decided to follow Cyprus and rise deposit taxes!!!

Clicking on the links of any of these emails, ultimately takes unsuspecting internet users to webpages containing obfuscated code that attempt to infect computers using the Blackhole exploit kit.


Sophos products detect the PDF Blackhole component used in this attack as Troj/PDFJS-ADE and Troj/PDFEx-GD. Meanwhile, the attack can also attempt to infect PCs using a Flash Blackhole component - detected by Sophos products as Troj/SwfExp-BN.

Of course, this is far from the first time that we have seen cybercriminals pretending to be the likes of CNN or the BBC in an attempt to get recipients to open an email and click on a link.

Notorious examples include the fake CNN emails that claimed to contain a link to the Erin Andrews Peephole video or news that Mitt Romney had almost won the White House.

As always, keep your wits about you, and your security patches and anti-virus software up-to-date.

Thanks to Brett Cove, Peter Szabo, Savio Lau and Fraser Howard of SophosLabs for their assistance with this article.

, , , , , ,

You might like

One Response to Pope sued over sexual abuse and not wearing seatbelt? Fake CNN and BBC news alerts spread malware

  1. gregbacon · 715 days ago

    Looks like someone is copying CNN's faux method of reporting news.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.