Beware! Fake CNN Breaking News emails spread malware attack

If you receive an unsolicited email containing breaking news, apparently from an organisation like CNN, be on your guard.

It may be that online criminals are attempting to infect your computer.

In the latest wave of attacks, documented by cybercrime researcher Gary Warner, cybercriminals have spammed out emails pretending to be CNN Breaking News alerts.

Harrison Ford breaking news email

The content of the emails *does* match real news stories published on CNN (such as Harrison Ford discussing his new movie “Ender’s Game” at Comic Con, or the latest developments in the case of former National Security Agency contractor Edward Snowden).

Edward Snowden breaking news email

The emails may look convincing enough, but if you were to click on the links you would be taken to a malicious website harbouring an exploit kit.

Before you know it, reports Warner, multiple attempts will be made to compromise your computer using a variety of exploitable vulnerabilities – ultimately leading to a fake update for Adobe Flash.

Fake Adobe download

It may look like the real Adobe website – but it’s not!

This malware attack is designed to install the Zeus (aka ZBot) banking malware onto victims’ computers. Presently, VirusTotal is reporting detection by 11 of the 46 anti-malware products in its collection.

The malicious campaign is clearly related to the Royal Baby malware attack that was reported yesterday (indeed Warner gives another example of a fake CNN breaking news email which exploits that particular story), and is further proof that cybercriminals are quick to jump on the bandwagon of hot news.

There are some important lessons for all computer users to learn to better protect themselves from attacks like these:

  • Keep your anti-virus up-to-date, and ensure your operating systems and software are fully patched with the latest updates.
  • If there’s a news story you’re interested in, go to a legitimate news outlet for the latest information. Don’t trust unsolicited emails.
  • Always make sure that you are downloading security updates to your software from the real site – if in doubt, check the URL carefully!

You may be clued-up about computer security, but it’s possible that you have friends or loved ones who aren’t. You can help make the internet a safer place by sharing advice and tips about how they can better protect the security of their computers.

Hat-tip: Gary Warner, “‘Royal Baby’ & Other CNN spam leads to malware”

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
