Falskt CNN-meddelande om Mitt Romney infekterar datorer

Sophos is warning about a malware attack that has been distributed posing as an email from CNN claiming to be breaking news about the US presidential election.

Emails with the subject line ‘CNN Breaking News – Mitt Romney Almost President’, are being spammed out to lure internet users into visiting a website hosting the notorious Blackhole exploit kit.

All of the links in the email, which pretends to come from CNN and contains CNN’s logo, direct to infected webpages, capable of infecting Windows computers by exploiting a variety of vulnerabilities.

The main story in the email is headlined "More than 60 percent of votes will be in favor of Mitt Romney"

If the users’ machine is properly patched and protected against the exploits deployed by the Blackhole exploit kit, the attack presents what appears to be the official Adobe Flash Player download page – except it’s hosted on a virtual private server in Maryland, USA.

Without requiring any user interaction, the fake Adobe Flash download begins onto users’ computers. Running the fake update causes further malicious code – including a version of the Zeus (also known as ZBot) financially- motivated malware – to be installed. As a result, users’s login credentials can be stolen by cybercriminals.

"With people around the world keeping tabs on the election race, it is unsurprising that many will click, without thinking, on links which promise to give them exclusive information about the campaigns – especially as they come from what claims to be a well-known US news source," said Graham Cluley, senior technology consultant at Sophos. "Internet users need to take more care with what they’re clicking on and stick to visiting trusted websites directly, rather than relying on push technologies in email, Twitter and Facebook that may be scams in disguise."

"It is essential that followers of the election race continue to stay aware of potential attacks, as this is unlikely to be the last. In the 2008 presidential election there was a surge in malicious activity that continued for several months even after President Obama was elected. Furthermore, as scams change and get more sophisticated – we haven’t seen the automatic fake Adobe download before, for example – internet users must ensure their security precautions are kept up to date, and they stay alert to the threat," warned Cluley.

For more information on the CNN email scam, including images of the email and dangerous websites, visit Sophos’s Naked Security site at: http://nakedsecurity.sophos.com/2012/10/11/romney-president-cnn-alert

Graham Cluley is available for comment at +44 (0)1235 544114 or +44(0)7990552181

Follow Graham Cluley on Twitter: http://twitter.com/gcluley

Om Sophos
Hundra miljoner användare i 150 länder förlitar sig på Sophos för att skydda sig mot dataintrång och förlust av data. Produktutbudet består av datasäkerhetslösningar för kryptering, klientsäkerhet, webb, e-post samt accesskontroll av nätverk – som är enkla att hantera, distribuera och använda, och med branschens lägsta totalkostnad. Allt backas upp av SophosLabs, ett globalt nätverk med datasäkerhetscentraler som minutiöst följer hotbildens utveckling. Sophos har vunnit många utmärkelser och med dryga tjugo års branscherfarenhet betraktas man allmänt av ledande analysföretag som världsledare inom sitt område.

Huvudkontoret finns i Boston, USA. Regionkontoret i Kista utanför Stockholm ansvarar för Norden och Baltikum. För mer information, se www.sophos.com