Sep. 6, 2013 at 8:06 AM ET
A fake email is being sent saying that the United States has begun bombing Syria. First, that's not true, and second, do not open the email. It contains malware.
Kaspersky Lab said it started seeing the emails Friday morning ET.
"We're currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria," wrote Roel Schouwenberg of Kaspersky Lab Expert on the security company's blog.
"We don't have exact numbers," of how many such emails were sent, playing to concerns about possible U.S. involvement in Syria's civil war, Schouwenberg told NBC News via email. "These actors perform multiple mass-mailings per day."
He wrote that clicking on the shortened Web link inside the mail will "lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and Java. The attackers favor using the Java exploit over the Reader exploit, as Java exploits are generally more reliable."
The exploit then downloads a Trojan onto a user's computer system, which then downloads other malware. The goal: to get your personal information.
Users can protect themselves by making sure their security software is up to date, he told NBC News, and he recommends users uninstall Java if they can.
"If you see interesting headlines coming from a news organization over email it's better to manually go to their website, avoiding any links from the email," he told NBC News. "Running security software will also help, preferably one which has with advanced exploit protection."
This kind of attention-grabbing fake email might be the first, but it won't be the last, Schouwenberg said. If the U.S. does go ahead with military action against Syria, "we can expect a lot more Syria-themed malicious emails," he wrote.