Tuesday, January 20th, 2009 at 3:13pm

Fake CNN E-Mail Lures PC Users Into Virus Trap

Posted by Jordan Erickson


Fighting in the Middle East. The second-most-watched cable news channel. E-mail.

Put them together, and you’ve got a perfect recipe for malicious hackers.

RSA Security, which makes the little key-chain doohickeys that allow many corporate staffers to log into their business computer accounts from home, reported Thursday that a “phishing” e-mail was making the rounds purporting to be a news alert from CNN regarding an imminent cease-fire in the Israel-Gaza conflict.

But when the viewer clicks on the embedded link, which looks as if it goes to the CNN Web site, he’s really taken to a fake Web page that asks him to download Abode Flash Player.

That in turn, of course, is not the real Adobe Flash Player, but a “Trojan horse” program designed to steal financial passwords and personal details.

“The scam is yet another example of how adept fraudsters are in engineering attacks with near real-time response to breaking news,” says RSA Security in a blog posting. “It also underscores the opportunistic nature of fraud purveyors who increasingly prey upon public interest and/or concern regarding national or global events of broad importance.”

Security experts still worry about the Storm worm, which first appeared in January 2007 in e-mails pretending to be about recent violent windstorms in northern Europe. It’s one of the most virulent pieces of malware ever written and has herded millions of computers into a hidden “botnet” of “zombie” PCs, which has yet to be fully activated.

This one, which RSA dubbed the “Cease-Fire Trojan Attack,” may be more short-lived. As of Thursday night, the security company said it had shut down the Chinese server hosting the fake Web page.

© 2009 Logical Networking Solutions: I.T. and Networking Specialist, Lake County, CA