CNN Spam Leads to Malware

How does this threat get into users' systems?

Users receive spammed messages, supposedly from CNN, containing news on the Israel-Gaza conflict.

How does this threat affect users?

Users who are tricked into clicking the embedded link are redirected to a bogus CNN Web page that contains a supposed video on the said event. Clicking Play, however, leads them to download a bogus Adobe Flash Player update (detected by Trend Micro as TROJ_DLOAD.QK). This Trojan connects to a URL to download TROJ_INJECT.ZZ, which in turn drops TROJ_ROOTKIT.FX.

How does this threat make money for its perpetrators?

TROJ_INJECT.ZZ logs users' keystrokes and steals data, which is then sold to the highest bidders in underground forums.

What is the driving force behind this threat?

As with any data-stealing malware, this attack is driven by the lure of profit from stolen personal credentials.