Fake CNN site from phishing e-mail hides a Trojan
RSA discovers phishing e-mail that leads to bogus CNN site with Trojan designed to steal sensitive data.
A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering "graphic" video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.
When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an "SSL stealer" Trojan that captures financial and other sensitive information, RSA said in a blog.
The Trojan looks for encrypted communications between the computer and known financial institutions and when it sees data being sent it diverts it to a malicious third-party, said Sam Curry, vice president of product management and strategy at RSA.
The social-engineering attack is different in that the e-mail pretends to come from a media company and then tries to steal financial data, he said. "Normally when you get phished they send you an e-mail pretending to be from a bank or other financial institution," he said.
RSA discovered the attack early on Wednesday and has worked with others to get the fake site shut down. At a peak on Thursday as many as 80,000 of the phishing e-mails were being sent out, according to Curry.
