Cybercriminals are ever quick to spot an opportunity – especially when they are calendar-based regular opportunities. One such is with us right now: the US Presidential election. Sophos has warned of a new malicious email campaign purporting to be CNN breaking news: “Mitt Romney Almost President.”
“It's not really surprising considering the surge in malicious activity we saw during the 2008 presidential election,” writes Chester Wisniewski; activity that continued for months after the election. This year the lure has added piquancy given the recent Romney ‘success’ in the presidential debates. The headline, “More than 60 percent of votes will be in favor of Mitt Romney” is a little far-fetched but intriguing all the same.
The format of the emails, using multiple CNN headlines, is interesting. Readers who aren’t following the election may well be interested in one of the other ‘articles’. “Even if you decide news about the presidential election isn't your cup of tea, all of the other tantalizing stories promoted in this email link to the same content, but not content on CNN.com.”
In this email, all roads lead to a Blackhole exploit site. But a possibly new feature is included. Wisniewski notes that he visited the malicious site using a PC hardened against all known Blackhole exploits, “so it resorted to social engineering to get me to infect myself. I was presented with a page that looks identical to the real Adobe Flash Player download page, except it was hosted on a virtual private server in Maryland, USA.”
This page automatically downloaded a fake Flash updater. He suspects this might be in preparation for Internet Exlorer 10, which won’t allow plug-ins like Java and Flash – users may therefore be tempted to download from source. But of course, running the fake update doesn’t download Flash, it attempts to download more malware, including a version of Zeus.
The moral is Sophos’ oft-repeated advice: if you want to see or install something, go to the source website; don’t be taken. “Furthermore,” adds Graham Cluley, “as scams change and get more sophisticated - we haven't seen the automatic fake Adobe download before, for example - internet users must ensure their security precautions are kept up to date, and they stay alert to the threat.”