SophosLabs reports that malware attacks tend to surge near major elections, and the most recent is calculated to pull in anxious voters on either side of the political spectrum: a malicious email purporting to come from CNN and declaring “CNN Breaking News–Mitt Romney Almost President.”
In a post on their NakedSecurity blog, Sophos explains why no one should click a link from an email like this:
Hack Hack Hack Hack It Apart
Cryptome, a sort of proto-WikiLeaks website best known for exposing the CIA analyst who found Osama Bin Laden, announced this week that its entire website had been hacked. But, in a surprising response from Cryptome founder John Young—a man suspicious even of tap water—no foul play was suspected. At least no more foul than the usual Internet hijinks.
Reached by phone, Mr. Young explained that the site had been attacked by malware from Blackhole exploit kit 12, the latest iteration of what TechWorld calls an insidious, but “incredibly common automated web compromise system.” This kind of malware harvests IP addresses of people visiting the site for potential nefarious use later on, said Mr. Young.
Mr. Young discovered the malware when a reader got a virus this morning from downloading one of Cryptome’s files that had been in its directory for a long time. After some examination, his team discovered other files containing the malware script as well. Cryptome, which made the breach public (part of the site’s mission to expose such security flaws), is currently in the process of completely restoring all of its 70,000 files and expects to be finished by the end of the day.