Don’t believe everything you read – because if you do, cybercriminals are going to take advantage of your gullibility and infect your computer with a Trojan horse.
Malware campaigns spammed out in the last 24 hours have pretended to be breaking news stories from the likes of CNN and the BBC.
Here are some examples, claiming to be a breaking news alert from CNN, which have focused on arresting news stories around the new Pope.
Some of the messages are quite farcical:
Subject: Opinion: New Pope Sued For Not Wearing Seat Belt In Popemobile ... - CNN.com
While others are clearly much more serious:
Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! ... - CNN.com
Either way, you can probably understand why some computer users might be tempted to click on the links without thinking.
Meanwhile, more recent version of the malware attack have been spammed out pretending to be from the BBC:
- BBC-Email: Bank of America happy of Cyprus Central Bank Warns of Capital Flight
- BBC-Email: Cyprus 'Bank Raid' by Euro Banks
- BBC-Email: Cyprus already confirmed one time tax withdrawal TODAY!
- BBC-Email: Cyprus Bank-Levy Passage in Doubt as EU Shows Aggression
- BBC-Email: Cyprus banks shut extended to Monday
- BBC-Email: Cyprus can amend bailout terms
- BBC-Email: Cyprus decided to rise bank tax up to 15% for Corporate sector
- BBC-Email: Cyprus effect on stocks likely long-term
- BBC-Email: Cyprus government today accepted one time bank tax withdrawal but higher than expected
- BBC-Email: Cyprus races to rework savings tax after closing banks till Thursday
- BBC-Email: Cyprus rises tax value and confirmed one time withdrawal!
- BBC-Email: EU wants rise of Cyprus bank levy
- BBC-Email: Several countries' deposits may be excluded from Cyprus Bank Tax, Why? We got a draft.
- BBC-Email: The Cyprus eurozone bailout conditions are bank robbery, 15%!!!
- BBC-Email: US banks hurt by Cyprus news
- BBC-Email: USA government decided to follow Cyprus and rise deposit taxes!!!
Clicking on the links of any of these emails, ultimately takes unsuspecting internet users to webpages containing obfuscated code that attempt to infect computers using the Blackhole exploit kit.
Sophos products detect the PDF Blackhole component used in this attack as Troj/PDFJS-ADE and Troj/PDFEx-GD. Meanwhile, the attack can also attempt to infect PCs using a Flash Blackhole component – detected by Sophos products as Troj/SwfExp-BN.
Of course, this is far from the first time that we have seen cybercriminals pretending to be the likes of CNN or the BBC in an attempt to get recipients to open an email and click on a link.
As always, keep your wits about you, and your security patches and anti-virus software up-to-date.Follow @gcluley
Thanks to Brett Cove, Peter Szabo, Savio Lau and Fraser Howard of SophosLabs for their assistance with this article.