Email Scam Leads To Phony CNN Site
Hackers have launched a new email scam that attempts to lure unsuspecting users to a bogus CNN.com news site using the Gaza conflict in an effort to steal passwords.
The RSA FraudAction Research Lab discovered the scam and says the result of the attack is the infection of computers with a Trojan.
The RSA blog offers more details. "The fake webpage designed and hosted by the online criminals, is embedded as a link within the spam attack email. This fake webpage includes another link to what appears to be a legitimate video but is actually a form of crimeware. When visitors click on the video, they get an error message asking them to install Adobe Flash Player 10 in order to play the video, and a link is provided."
RSA says that a Trojan is launched when the link to the phony software is accessed called a Trojan "SSL stealer" that grabs financial and personal information of the infected user found on their computer.
Gary Warner, Director of Research in Computer Forensics at the University of Alabama at Birmingham (UAB) recommends that users do not open any emails received from an unknown source and to visit cnn.com and click on news stories from the official site.