Malware that appears as a CNN news report is being circulated by email.
Claiming to show a news report on the Gaza situation, the pop-up video actually features a Trojan downloader. The RSA FraudAction Research Lab discovered the social engineering scam that features recent news and images, as well as CNN graphics and fonts.
The webpage is embedded as a link within the spam attack email. When the video is watched the user will get an error message asking them to install Adobe Flash Player 10 in order to play the video, and a link is provided – when the Trojan is downloaded.
RSA claimed that this is ‘yet another example of how adept fraudsters are in engineering attacks with near real-time response to breaking news. It also underscores the opportunistic nature of fraud purveyors who increasingly prey upon public interest and/or concern regarding national or global events of broad importance'.
RSA also claimed that those responsible for this attack are the same gang as responsible for the recent classmates reunion scam.