A new phishing campaign is disseminating malicious links with emails purporting to come from CNN saying that the United States has initiated military strikes against the embattled regime of Syrian President Bashar al Assad.
One such email, obtained by Kaspersky Lab and posted on Securelist, comes from “breakingnews[at]mail[dot]cnn[dot]com” and begins with an oversized link saying “The United States began bombing!”
The byline is then attributed to actual CNN reporter Casey Wian, and the fake lead reads, “Pentagon officials said that the United Stated launched the first strikes against Syria. It was dropped about 15 bomn on stalitsu syria Demascus.” The lead is followed by a second link that claims to lead to the full story.
If clicked, the malicious links included in the email lead to a website hosting an exploit kit that targets vulnerable versions of Adobe Reader and Java. Kaspersky Lab researcher Roel Schouwenberg explains that the attackers appear to favor the Java exploit over the Reader one because Java exploits are generally more reliable. Once executed, the exploit will upload a trojan downloader onto the infected system. The downloader then turns around and downloads various other malware.
Users with the most updated versions of Java and Reader would not be affected by this attack.
The email isn’t so far fetched considering that U.S. President Barack Obama has said that he is ready and willing to launch military strikes against the Syrian government as a punishment for the regime’s alleged use of chemical weapons in attacks that affected civilian populations. Of course, no strike has been launched as of now and President Obama recently said in a White House Rose Garden speech that he would seek congressional approval before committing to any military course in Syria.
Tensions cooled slightly in recent days after Syria accepted a proposal from the Russian government to place it’s extensive cache of chemical weapons under international control, a move that could push the war-wary U.S. away from direct military intervention in the three year old conflict.
The Syrian Civil War has been something of a catalyst for cyber-incidents. The regime-leaning Syrian Electronic Army has launched an extensive array of attacks against western targets, most notably media outlets and the companies that support them. Last month the group attacked the MelbourneIT, the domain registrar for the New York Times and a number of other prominent companies, and used their access there to alter the DNS records for the Times and others and so that users attempting to access those sites would actually end up visiting sites under the SEA’s control. Before that, the SEA launched attacks on the Washington Post and the Onion as well as a slew of other sites and services.
There have been two distinct Internet blackout in that country as well.