Beware! Fake CNN emails about USA bombing Syria spread malware

Graham cluley
Graham Cluley
@[email protected]

CNN Malicious hackers have spammed out an attack designed to infect computers, disguised as a breaking news story about the United States bombing Syria.

The emails, which claim to come from CNN, declare (in rather poor English) that the United States has dropped 15 bombs on Damascus.

The emails appear to be sent from [email protected] and have the subject line:

CNN: “The United States began bombing”

Sign up to our free newsletter.
Security news, advice, and tips.

Fake CNN email

(CNN) — Pentagon officials said that the United States launched the first strikes against Syria. It was dropped about 15 bomn on stalitsu syria Damascus. Full story >>

However, as researchers at Kaspersky Lab describe, clicking on links in the email takes the victim’s browser to poisoned webpages designed to infect computers with a Trojan horse by exploiting vulnerabilities in Adobe Reader and Java.

If you have kept your installations of Adobe Reader and Java updated with the latest security patches, and are running an up-to-date anti-virus program, you should be protected from the current threat – although, of course, the bad guys could update their attack at any time to exploit unpatched vulnerabilities.

But the best protection would be to avoid clicking on the dodgy links in the first place.

Teach yourself and your friends to not trust unsolicited “breaking news” emails sent out of the blue, and instead visit legitimate news websites for the latest developments on the worsening situation in Syria.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.