Fake news is usually used to infectLike the alleged death of some famous personality or anything that catches your eye like a whale in a building, the goal is for victims to end up downloading a file or accessing a malicious page.
The actual news is also used as bait and the following is an example of this:
Spam email with news from Per
The previous capture corresponds to a spam mail Based on an actual event that recently occurred in Peru, they also include the logo of a local press to give it a touch of extra legitimacy.
At the end of the message they leave a link that appears to be a YouTube videoHowever, when you move the pointer and observe the real destination, you can see that the url is strange:
False links in the spam message
Clicking ends in a fake YouTube page requesting the Flash Player download, the offered file is actually a Trojan (flash_container.exe VT 5/42):
Fake YouTube in Spanish
In the server directories used for the attack you can see that the files were uploaded yesterday, one of them is a .txt that counts the times that the .exe Trojan is downloaded. At the time of writing this post had 70 downloads:
Files on the attacker's server
The main address has already been reported and is being blocked by anti-phishing filters.
As you can see, it is a simple but elaborate social engineer attack, aimed at Spanish-speaking Internet users and mainly from Peru, where the context of the news surely has more impact.
Thanks born for the delivery.
Like Clickjacking + Fake YouTube with surveys.
Fake YouTube asks to run a Java application to infect.