Spammers are shipping fake CNN emails laden with the Zeus banking trojan to take advantage of the US presidential election buzz.
Users in the United States and Canada have been infected by the phishing campaign in which fake CNN election news articles point victims to the infamous BlackHole exploit kit.
Security firm Trend Micro said the Tspy_Zbot Zeus variant deleted the initial executed copy of itself and monitored user activities to seize login credentials used for online banking.
Threat research manager Jamz Yaneza told SC the use of the Zeus variant was unique.
“The bad guys always seem to use a new variant that will target victims through email," Yaneza said.
"They are using the BlackHole spam phishing kit to make these emails or subject lines more humanised or professional.”
Yaneza said redirection to malicious URLs occured in the background which hid the attack from users.
Websense also detected the phishing campaign and published a blog post on the findings.
"Specifically, we have detected thousands of emails with this kind of content," it said. "We are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages."