CNN Spam Leads to Malware


How does this threat get into users' systems?


Users receive spammed messages containing news on the Israel-Gaza conflict supposedly from CNN.


How does this threat affect users?


Users who are tricked into clicking the embedded link are redirected to a bogus CNN Web page that contains a supposed video on the said event. Clicking Play, however, leads them to download a bogus Adobe Flash Player update (detected by Trend Micro as TROJ_DLOAD.QK). This connects to a URL to download TROJ_INJECT.ZZ, which in turn drops TROJ_ROOTKIT.FX.


How does this threat make money for its perpetrators?


TROJ_INJECT.ZZ logs users' keystrokes and steals data, which is then sold to the highest bidders in underground forums.


What is the driving force behind this threat?


As with any data-stealing malware, this attack was instigated by the lure of gaining profit from stolen personal credentials.