Breaking news malware turns generic, exploits conflict in Georgia

Graham Cluley

In recent weeks we have seen malicious email campaigns posing as breaking news stories from the likes of CNN and MSNBC.

The latest campaigns still use eye-catching headlines but have the generic subject line of “Weekly top news” and don’t claim to come from a legitimate news organization. Is this a sign that the CNN/MSNBC disguises weren’t working well enough for the bad guys?

In the example below, the headline refers to the conflict between Russia and Georgia in South Ossetia, and specifically an incident from 10 August when journalists from Russian news station NTV and Turkish agency Kanal Turk found themselves under fire.

What should be clear from this example is that a story does not need to be false for the link associated with it to be malicious. The journalists did find themselves on the receiving end of gunfire.

Other examples seen in this malicious spam campaign have claimed to link to stories about “Madonna and Angelina Jolie in adoption war related lesbian romp!” (according to the email they are racing to adopt as much of Africa as possible – I have my suspicions that this story may not be true...), Microsoft planning to release details of Windows 7, and George Bush giving a pardon for tabloid favourite Lindsay Lohan.

Yesterday, the campaign had a slightly different disguise using the subject line “BREAKING news”, but otherwise followed the same pattern we have observed for some time now.

As always, don’t click on the links and ensure your desktop computers, email and web gateways are properly secured.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
