So-called CNN emails on U.S. bombing Syria lead to exploit kit

http://www.securelist.com/en/images/pictures/klblog/208214061.png

Malicious emails, craftily disguised as breaking news from CNN that the U.S. is bombing Syria, are making the rounds online, researchers warn.

According to Roel Schouwenberg, a senior anti-virus researcher at security firm Kaspersky, who blogged about the phishing campaign last Friday, the emails actually contain shortened links leading to an exploit kit that targets vulnerable Adobe Reader and Java software.

More often, however, phishers prefer to use the “more reliable” Java exploits, he wrote.