Fake CNN site from phishing e-mail hides a Trojan

A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering "graphic" video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an "SSL stealer" Trojan that captures financial and other sensitive information, RSA said in a blog.

The Trojan looks for encrypted communications between the computer and known financial institutions and when it sees data being sent it diverts it to a malicious third-party, said Sam Curry, vice president of product management and strategy at RSA.

The social-engineering attack is different in that the e-mail pretends to come from a media company and then tries to steal financial data, he said. "Normally when you get phished they send you an e-mail pretending to be from a bank or other financial institution," he said.

RSA discovered the attack early on Wednesday and has worked with others to get the fake site shut down. At a peak on Thursday as many as 80,000 of the phishing e-mails were being sent out, according to Curry.

This screen shot shows the error message that pops up on the fake CNN Web site. Instead of a legitimate download of Adobe Player a Trojan that steals sensitive data is installed.

(Credit: RSA)

[Vegaman_Dan]

It's a pretty good looking phishing attempt. Those guys are getting better all the time.

[saabsnpellegrion]

thank god for apples so far relatively low virus count or these stories that come out once every two days would bother me.

[goodspeed8701]

You have little idea of security. and also you fail to understand that hackers dont care about apple.

[cnetcensorssuck]

What doof would run an .exe file to watch a video?

[rcardona2k]

It's not an .exe for a video, it's an .exe to update Adobe Flash: Adobe_Player10.exe. Many could 'believe' their software is out-of-date and opt to 'upgrade.' I wonder if the .exe is digitally-signed which is in the next prompt, probably not and anyone clicking the phish link and accepting the .exe is already down the primrose path.

What's laughable is running an .exe on a Mac.

[gggg sssss]

this is adobe's fault.. too many POS sofware want to constantly ask to update itself, so the natural reaction is to click yes. Java update, Adobe update, Dell update, HP update, Roxio, Macrosision, Apple, Google, Firefox etc etc, These vendors have built up this response. They are all at faul.

[Greg5A]

So THAT'S where I got that "Trojan Downloader" that my security software caught and removed from my system! I specifically remember getting a request to update my Adobe Flash Player, etc.

Fortunately, I always run a sweep with my security software after every online session. However, I can't remember if it was my SpySweeper or AdAware that detected the Trojan.

The Trojan scumbags fooled me pretty good.

[tcardone05]

That's a BBC News flash lookalike too- have a look here: http://news.bbc.co.uk/2/hi/video_and_audio/default.stm
I have to give them credit- if I stumbled upon it, I'd probably fall for it only because I use both sites.

[ferretboy88]

I rather die than watch or read anything from CNN. Lowest rated news channel. For a reason.

[MikeBeckham]

Uh no.

Fox News > CNN > MSNBC > HeadlineNews.

[Dustyn]

WOW!
So, Microsofts "Phishing Filter" that is incorporated into Internet Explorer 7 FAILED to detect anything out of the ordinary? tssk.. tssk...

Just a test...

Just trying out Facebook Connect