stat counter

Thursday, January 8, 2009

Fake CNN malware attack spins Gaza angle

On a personal note, this happened to me last week. It wasn't a phishing CNN, but since I am constantly googling news on the events in Gaza, I unknowingly got a Trojan Horse which my genius neighbor took care of, said it was "EVIL". What it did was took over my Google page. It LOOKED like Google, but it wasn't. Every search I tried making took me somewhere crazy. For instance, a friend was trying to walk me through cleaning out my computer thinking it was something simple.
He would send me links, the one I received wasn't what he sent me. Then the ultimate, he told me to go to Lavasoft C-Cleaner, when I tried to link, it went to Pledge furniture polish. It became abundantly clear something was VERY wrong.

So now there are hackers which are known to be infecting computers with Trojan horses ALL connected to the Gaza crisis. This is SICK.

Using CNN, could it POSSIBLY be that CNN has reported that it was Israel who broke the cease fire first? That CNN had a reporter, Karl Penhall on board Free Gaza's "Dignity" which was rammed by the Israeli navy and REPORTED about it? Think these hackers might have a bone to pick with CNN and decided to kill two birds with one stone? Screw with CNN AND infect computers with a Trojan horse that are seeking news on GAZA?

Phony alerts try to dupe users into installing Trojan horse disguised as Adobe update

January 8, 2009 (Computerworld) Hackers have launched a large-scale spam attack masquerading as news notifications about the Israeli invasion of Gaza, security researchers said today, in a repeat of a massive campaign last summer that also posed as CNN alerts.

Yesterday morning, RSA Security Inc.'s FraudAction Research Lab spotted the first messages in the new attack, which take advantage of the ongoing conflict in Gaza. Israeli ground forces entered Gaza on Jan. 3 after several days of airstrikes and naval bombardments that began Dec. 27.

The messages, said Sam Curry, vice president of product management at RSA, pose as alerts from the CNN cable news channel, and promise "graphic and striking" images about the conflict in Gaza between Israel and Hamas.

"It starts off with phishing e-mail that tries to look like CNN," said Curry, "and then the social engineering aspect kicks in. The messages tries to get you to go to a Web site that looks like There, the [fake] site says you must update to Adobe Acrobat 10." Accepting the download delivers a Trojan to the PC instead.

"The Trojan is an 'SSL' stealer," added Curry. "It scrapes the disk and looks for traffic to and from known financial services."

The attack had been prepared weeks in advance, said Curry, and the hackers had only decided in the last several days to hang it on the events in Gaza. The FraudAction Research Labs' usual monitoring of cyber criminal activity, he said, had uncovered talk about an impending attack as much as four weeks ago.

During the interval, the attacks bandied ideas about what current event they would use to bait their attack. "There was some talk about the inaugural [of Barack Obama next week], the economy and massive drops in the Dow," Curry said. "They talked about how the news had to hit a critical threshold."

They eventually selected news of the Israeli attacks in Gaza against Hamas. "The thing is that they're completely apolitical," Curry noted. "They were ready to exploit significant news either way, whether there was a cease fire or an intensification of the conflict.

"It's ghoulish, like ambulance chasing," said Curry.

Other security companies reported the campaign, and said the attack is growing very quickly. MX Logic Inc., for example, said that it had seen a major jump in attack volume today.

Early Thursday, said Sam Massiello, vice president of information security at MX Logic, traffic spiked to a pace of about 80,000 messages per hour. "It peaked this morning, around 10 a.m. Mountain [Standard Time], but it dropped pretty quickly after that," said Massiello. "Now, it's holding steady at around 15,000 to 20,000 messages an hour."

Massiello noted the similarities between the newest attack and one conducted in August 2008, when MX Logic monitored more than 160 million messages in a 48-hour period. So far, the current campaign is much smaller. "It's nowhere near the volume of August," he said. "But remember, it took about three days for that attack to really ramp up."

In a posting to the MX Logic blog earlier today, Massiello listed some of the subject lines that the bogus CNN messages use, including "Hamas launching rocket war after Gaza evacuation," "Hamas Goads Israel into War" and "War in Gaza: while Israel and Hamas fight."

"They're trying to look topical," said RSA's Curry.


"Hamas Goads Israel into War" Gee I WONDER where this little horsie comes from.

No comments: