Fact Check

Mitt Romney Almost President

Warning about fake 'Mitt Romney Almost President' CNN Breaking News alert.

Published Oct. 13, 2012

Claim:

Virus:   Mitt Romney Almost President


REAL VIRUS


Example:   [Collected via e-mail, October 2012]


I received an email stating that if I recived an email with "CNN Breaking news - Mitt Romney Almost President" in the subject line, I was not to open it but was to delete it immediately. The claim was that if I opened this phishing email (a forward type email), my computer would immediately be taken over by a virus that would open my compouter to hackers and I could possibly lose all my personal and financial data.

Sounds hokey to me. However, one can't be too cautious these days. Is this true?



 

Origins:   In October 2012, many Internet users were spammed with an e-mail bearing a subject line of "CNN Breaking News — Mitt Romney Almost President" and offering what looked to be a summary of CNN news stories headed by one stating that "More than 60 percent of votes will be in favor of Mitt Romney":

The news that the Republican candidate had seemingly opened such a wide lead in the presidential contest was sure to entice many recipients into clicking on the provided link to read the details of the teased story. However, that link led not to the CNN site, but to a page redirecting users to some malicious code which can load a Java-based Trojan and relay information about which exploits exist on a victim's computer back to a BlackHole server, as noted by Sophos:



The links all follow the standard Blackhole exploit kit formula. The link in the email takes you to a page that directs you to some nasty JavaScript found on other sites controlled by the attackers.

The machine I was surfing from was not vulnerable to any of the exploits currently deployed in Blackhole, so it resorted to social engineering to get me to infect myself.

I was presented with a page that looks identical to the real Adobe Flash Player download page, except it was hosted on a virtual private server in Maryland, USA.

Without the need for a click it proceeded to download:
update_flash_player.exe
SHA1: 875e224c014b2f2ebe9841944becc5dd0e774f61


Last updated:   13 October 2012

David Mikkelson founded the site now known as snopes.com back in 1994.