{"id":76455,"date":"2013-07-29T17:14:27","date_gmt":"2013-07-29T11:44:27","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=76455"},"modified":"2013-07-29T17:14:27","modified_gmt":"2013-07-29T11:44:27","slug":"obamas-speech-spreads-malware-2","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/obamas-speech-spreads-malware-2\/","title":{"rendered":"Obama\u2019s Speech Spreads Malware"},"content":{"rendered":"<p>Have you recently received any news which goes, \u201cObama speech to urge &#8216;refocus&#8217; on economy\u201d via any unsolicited email, which seems to have been sent by CNN? If yes, then let\u2019s hope you have not clicked any of the links embedded in the email. This feat is yet another of the ingenious attempts of cyber criminals to target their victims. Dubbed as Fake CNN Breaking News emails, such emails usually highlight a part of sensational news stories; presently they are based on topics related to Snowden, Harrison Ford, the Royal Baby, and the \u2018\u2019refocus\u2019 speech given by Obama.<\/p>\n<p>Each of these fake emails contains a link at the end prompting the reader to read the full story. These links were found to be nothing but a doorway straight to malware-infected websites. If a user clicks on these links, they would be taken to a website displaying a fake update of Adobe Flash. And if the user is tricked into clicking the update, then that will install the famous Trojan that goes by the name <strong>Zeus<\/strong>.<\/p>\n<p><strong>FYI<\/strong> &#8211; Zeus is a malware which is designed to steal its victim\u2019s banking information. Once it infects the system, it stays hidden until the victim visits a site which usually requests for the user\u2019s personal and\/or banking information.<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Sample email of the Fake CNN Breaking News on \u201cObama speech to urge &#8216;refocus&#8217; on economy\u201d<br \/>\n<\/span><\/strong><\/p>\n<p><a href=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2013\/07\/obama-fake-news-cnn-email.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-76462\" alt=\"obama-fake-news-cnn-email\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2013\/07\/obama-fake-news-cnn-email.png\" width=\"318\" height=\"246\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><em>President Barack Obama is set to give what is billed as a major speech on the economy, setting the stage for an autumn budget battle with Congress.<\/em><\/p>\n<p><em>He was expected to tout recent economic progress at Knox College, Illinois, without offering new policy proposals.<\/em><\/p>\n<p><em>On Monday, the president said he hoped to ensure Washington &#8220;refocuses&#8221; on the most important issues for Americans.<\/em><\/p>\n<p><em>Ahead of the president&#8217;s remarks, opposition Republicans argued the country needed action, not speeches.<\/em><\/p>\n<p><em>&#8220;Continue reading the main story&#8221;<\/em> (link that redirects the user to the infected website; link has been disabled)<\/p>\n<p><strong>Now, the technical part of the story:<\/strong><\/p>\n<p><strong>1<\/strong>. Clicking this link will take you to a compromised domain link, let\u2019s say &#8211;<\/p>\n<p>:hxxp: \/\/ekaterini.mainsys.gr\/suggested\/index.html [do not try to use this link, either by clicking it or copy pasting it to your browser.]<\/p>\n<p><strong>2<\/strong>. Notice the index.html; it loads two malicious java scripts:<\/p>\n<p>&#8211; &lt;script type=&#8221;text \/ javascript&#8221; src=&#8221;hxxp: \/\/ ftp.thermovite.de\/kurile\/teeniest.js&#8221;&gt; &lt;\/script&gt;<br \/>\n&#8211; &lt;script type=&#8221;text \/ javascript&#8221; src=&#8221;hxxp:\/\/ traditionlagoonresort.com\/prodded\/televised.js&#8221;&gt;&lt;\/script&gt;<\/p>\n<p>Hosting or injecting such malicious JavaScript, allows hackers to silently redirect the victim&#8217;s browser to load content and malware from a remote server. This is known as &#8220;drive-by download&#8221;, and is deemed as a huge security threat for end users and organizations.<\/p>\n<p><strong>Our Advice<\/strong>:<\/p>\n<p><strong>1<\/strong>. If you want to know what\u2019s going on with the Royal baby, Obama, Snowden, Batman, Superman, anyone, then visit the original website of your preferred news channel.<\/p>\n<p><strong>2<\/strong>. Always be suspicious of unsolicited emails, especially those that come from banks, news channels, and other trusted entities.<\/p>\n<p><strong>3<\/strong>. A no brainer \u2013 keep your system\u2019s security software updated.<\/p>\n<p>Online scammers will keep trying different techniques to target their victims. In order to stay ahead of them, educate yourself, your friends and family about all such internet threats, choose <a href=\"https:\/\/www.quickheal.com\/in\/en\/qhts\" target=\"_blank\">reliable security software<\/a>, and inculcate safe online practices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Have you recently received any news which goes, \u201cObama speech to urge &#8216;refocus&#8217; on economy\u201d via any unsolicited email, which seems to have been sent by CNN? If yes, then let\u2019s hope you have not clicked any of the links embedded in the email. This feat is yet another of the ingenious attempts of cyber [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,133,24,4,300],"tags":[522,523,49,317,524,525],"class_list":["post-76455","post","type-post","status-publish","format-standard","hentry","category-email","category-hacker","category-malware","category-news","category-online-hoaxes","tag-fake-cnn-news","tag-malicious-java-scripts","tag-malware","tag-malware-attack","tag-malware-infected-emails","tag-online-hoaxes-2"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/76455"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=76455"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/76455\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=76455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=76455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=76455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}