A few days ago Sophos posted on their blog about a malware campaign targeting those subscribed to the CNN breaking news service. The nefarious email looks like it’s from CNN, but clicking the news links in the email lead to web pages that convince the reader to download an “updated flash player” (in this case it is actually a trojan called Mal/EncPK-DA.
As reported by Sophos,
The new worm is supposedly spreading through messages sent through Facebook encouraging recipients to click on a URL to view video/image content.
…
When run, this downloader downloads another Trojan from a remote server, which has been added as Troj/Agent-HJX. It also downloads and displays an innocent image from a popular download site, and saves it to the Windows folder as joke.gif.
The usual rules apply here. Be careful what you click on and what you download. Make sure it is actually coming from the source is appears to be (and keep your antivirus software up to date).
