Analysis by: Jude Israel Bordallo

With the US elections just a month away, cybercriminals are already leveraging the event through a spam run. TrendLabs AntiSpam research engineers spotted a phishing campaign that purports to come from CNN and takes advantage of the US presidential election. The spammed message bore the subject "CNN Breaking NEws - Mitt Romney Almost President" and leads to a Blackhole exploit kit.

Similar to other Blackhole exploit kit spam runs, it lures users into clicking the malicious URL. In this case, it uses fake news items regarding the presidential candidates and the upcoming elections. Once users click the link, they are redirected to a site hosting the malicious JavaScript. While users patiently wait for the website to load, the script is already pointing them to a Blackhole exploit kit server, where exploit code starts to execute to deliver its final payload. A .JAR file is then executed to download other malicious files onto the infected systems.
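The lure stage described above can be checked at the mail gateway by comparing the brand a message claims with where it actually comes from and links to. The following is an added example, not Trend Micro's detection logic. The function names, the sample messages and the use of `cnn.com` as the brand's legitimate domain are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_RE = re.compile(r"\bcnn\b", re.I)   # brand the campaign impersonates
BRAND_DOMAIN = "cnn.com"                  # assumption: the brand's real domain
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def brand_mismatch(raw):
    """List why a message that claims the brand does not come from or link to it."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not BRAND_RE.search(display + " " + msg.get("Subject", "")):
        return []                          # brand not claimed: out of scope
    reasons = []
    sender_host = addr.rpartition("@")[2]
    if not in_domain(sender_host, BRAND_DOMAIN):
        reasons.append("sender:" + sender_host)
    for part in msg.walk():                # covers single-part and multipart mail
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in HREF_RE.findall(body):
            u = urlparse(url)
            if u.scheme in ("http", "https") and u.hostname \
                    and not in_domain(u.hostname, BRAND_DOMAIN):
                reason = "link:" + u.hostname
                if reason not in reasons:
                    reasons.append(reason)
    return reasons

# Constructed samples (not taken from the campaign); hosts are reserved example names.
SPOOFED = (
    'From: "CNN Breaking News" <alerts@mailer.example>\n'
    "Subject: CNN Breaking NEws - Mitt Romney Almost President\n"
    "Content-Type: text/html\n\n"
    '<a href="http://news.example.net/story.html">Full story</a> '
    '<a href="https://www.cnn.com/">CNN</a>\n'
)
GENUINE = (
    "From: CNN <news@cnn.com>\nSubject: CNN headlines\n"
    "Content-Type: text/html\n\n"
    '<a href="https://edition.cnn.com/politics">Politics</a>\n'
)
```

A finding here only means the message borrows the brand without using its domain; it says nothing about what the linked site serves, so it is a triage signal to combine with URL reputation rather than a verdict.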

Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

SPAM BLOCKING DATE / TIME: October 11, 2012 GMT-8
  • ENGINE: 7.0
  • PATTERN: 9258