Beware! Fake CNN emails about USA bombing Syria spread malware

Graham Cluley
Graham Cluley
@[email protected]

CNNMalicious hackers have spammed out an attack designed to infect computers, disguised as a breaking news story about the United States bombing Syria.

The emails, which claim to come from CNN, declare (in rather poor English) that the United States has dropped 15 bombs on Damascus.

The emails appear to be sent from [email protected] and have the subject line:

CNN: “The United States began bombing”

Sign up to our free newsletter.
Security news, advice, and tips.

Fake CNN email

(CNN) — Pentagon officials said that the United States launched the first strikes against Syria. It was dropped about 15 bomn on stalitsu syria Damascus. Full story >>

However, as researchers at Kaspersky Lab describe, clicking on links in the email takes the victim’s browser to poisoned webpages designed to infect computers with a Trojan horse by exploiting vulnerabilities in Adobe Reader and Java.

If you have kept your installations of Adobe Reader and Java updated with the latest security patches, and are running an up-to-date anti-virus program, you should be protected from the current threat – although, of course, the bad guys could update their attack at any time to exploit unpatched vulnerabilities.

But the best protection would be to avoid clicking on the dodgy links in the first place.

Teach yourself and your friends to not trust unsolicited “breaking news” emails sent out of the blue, and instead visit legitimate news websites for the latest developments on the worsening situation in Syria.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.