Malicious hackers have spammed out an attack designed to infect computers, disguised as a breaking news story about the United States bombing Syria.
The emails, which claim to come from CNN, declare (in rather poor English) that the United States has dropped 15 bombs on Damascus.
The emails appear to be sent from BreakingNews@mail.cnn.com and have the subject line:
CNN: “The United States began bombing”
(CNN) — Pentagon officials said that the United States launched the first strikes against Syria. It was dropped about 15 bomn on stalitsu syria Damascus. Full story >>
However, as researchers at Kaspersky Lab describe, clicking on links in the email takes the victim’s browser to poisoned webpages designed to infect computers with a Trojan horse by exploiting vulnerabilities in Adobe Reader and Java.
If you have kept your installations of Adobe Reader and Java updated with the latest security patches, and are running an up-to-date anti-virus program, you should be protected from the current threat – although, of course, the bad guys could update their attack at any time to exploit unpatched vulnerabilities.
But the best protection would be to avoid clicking on the dodgy links in the first place.
Teach yourself and your friends to not trust unsolicited “breaking news” emails sent out of the blue, and instead visit legitimate news websites for the latest developments on the worsening situation in Syria.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.