CNN Spam Exploits Israel and Hamas ConflictWritten by Jesmond Darmanin on January 14, 2009
The little spam “breaking news” gremlins have struck again. Capitalizing on the war torn region between Israel and Hamas, another fake email containing a trojan has been discovered. Similar to the previous CNN spam exploits, the website that you may be redirected to from this malicious email looks like it attempts to load a flash video. The web site Spyware Remove reports a Adobe_Player10.exe file was detected by security researchers as TROJ_DLOADR.QK which is a trojan virus. It apparently has the ability to connect to another URL which may be detected as TROJ_INJECT.ZZ. This trojan infection, TROJ_INJECT.ZZ, is an information stealer that logs keystrokes, which launches a sniffer to gain access to security credentials that are entered through the computer keyboard. In addition to the second Trojan, a rootkit was discovered to be dropped which is identified as TROJ_ROOTKIT.FX.
Some Proactive Measures
Many times email messages in Outlook and other email clients messages initially show up as a series of images. People often choose to load the images, which will enable redirection to the website link when the image is clicked on with a mouse. If you choose to bypass or disable image loading, then it will prevent the web links from being active. In this particular case the “CNN” message would not be very effective in spreading malware because the embedded image link cannot be followed, if image loading is turned “off”.
Consider sharing information to your end user community about setting up a spam rule in Outlook or whatever email system is being used. Although rules may not block every spam message, this type of rule can thwart disaster by sending dangerous virus infected messages to your junk mail folder. Instruct email users, step by step, to manually create an [Outlook] rule to help catch messages that contain either “CNN” in the “From” email address, the email “Subject” or the actual “body” of the email. This simple technique creates an excellent filter to look for the specific text in three (3) different sections of an email to quickly move this malicious message to your junk email folder.
I know from personal experience that time taken to create a simple rule like this is definitely worth a pound of prevention, with these types of deadly spam emails. The best spam defense is the proactive offense in continuously educating your end user email community.