Fake Angelina Jolie CNN Story Contains Malware
If this email appears in your inbox, delete it right away--it's a malware scam.
CREDIT: ThreatTrack Security Labs
Angelina Jolie hasn't had a blockbuster film in a few years, but she's the unwitting star of a new malware campaign that might be coming to your email inboxes.
Two days ago Forbes named Jolie the highest-paid actress in Hollywood. This new spam campaign, discovered by researchers at ThreatTrack Security Labs, takes advantage of that news to try to trick you into clicking on some malicious links.
The spam comes in the form of an email supposedly from CNN. The subject line is "CNN: Forbes: Angelina Jolie tops list of highest-paid actresses" and the body of the email is a screen capture from the CNN Web page on the story.
Click any of the email's links, however, and you'll be prompted to download a file that looks like an Adobe Flash Player update (named "update_flash_player.exe"). But it's really a piece of malicious software.
Once installed, the software will download another malicious program that ThreatTrack Security identifies as a variant of a Zbot/Zeus, a type of Trojan that steals banking information.
Using current events as linkbait is a tactic known as "social engineering," a term used in technology to describe the use of emotional manipulation to achieve a goal instead of technological savvy. That's exactly what these scammers are doing: By sugar-coating their run-of-the-mill malware with the CNN logo and the promise of celebrity gossip, they're hoping to tempt recipients into a moment of unguarded Internet link-clicking.
The Royal Baby was also recently used as malware linkbait in a very similar scheme, ThreatTrack notes.
Jolie herself has been used as malware linkbait so many times that in 2008 some websites nicknamed her the "Queen of Spam."