Here We Go Again: CNN Spam is now MSNBC Spam
Typically when a new, effective, high volume spam or worm tactic is released into the wild (Paris Hilton Videos, Free World Cup Tickets, Fake News Headlines, etc) the copycats are waiting in the wings and ready to latch onto whatever that tactic is hoping that they might see some success from it as well. This time, however it appears that the people responsible for the CNN Spam outbreak last week (original post here and update here) are now responsible for a new outbreak today alleging to be MSNBC news updates.
Similar to the CNN outbreak from last week these new MSNBC messages are identifiable by a very distinct subject line. All of the messages that we have seen thus far appear to be from "MSNBC Breaking News" and have a subject line that starts with "msnbc.com - BREAKING NEWS:" followed by some fake news headline.
Here are some examples of what we have seen in our Threat Operations Center thus far (and as usual, some that are just bizarre):
msnbc.com - BREAKING NEWS: Americans love law suits for breakfast
msnbc.com - BREAKING NEWS: Bomb scare grounds thousands of flights at UK Heathrow airport
msnbc.com - BREAKING NEWS: Copycat murderer beheads woman on Greyhound bus
msnbc.com - BREAKING NEWS: I will be suing you
msnbc.com - BREAKING NEWS: Mary-Kate Olsen implicated in Heath Ledger's death
msnbc.com - BREAKING NEWS: Sandwich recall amid Salmonella outbreak
Once opened, the email itself looks like this:
=======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.
=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.
To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to
http://www.msnbc.msn.com/id/25384336, select unsubscribe, enter the
email address receiving this message, and click the Go button.
Microsoft Corporation - One Microsoft Way - Redmond, WA 98052
MSN PRIVACY STATEMENT
http://privacy.msn.com (http://privacy.msn.com/)
If a user is tricked into clicking on the breakingnews.msnbc.com link (which doesn't really go to an MSNBC page, but you probably already guessed that), they are presented with a page that looks like this:
This is the same tactic that we saw with the CNN fake news updates from last week as well as with the Porntube malware tactic that we saw back in June (original post here). At this point, you are caught in an endless loop where you either need to kill your browser session or click the OK button, but doing that infects you with the malware.
So far we have seen two variants of these emails. The first links to a file named up.html at the end of the "breakingnews.msnbc.com" URL which linked to a page that is branded CNN, not MSNBC. This should be an immediate red flag to any user that something is not right. The newer variant that we just recently started seeing within the past hour links to msn.html. This page uses the same logo that is on top of the real msnbc.com site and will likely look more legitimate to users.
So far volumes have been ranging in the 1.5 to 2 million message per hour range. Although nowhere near the peaks that we saw with the CNN outbreak from last week, it also took 3 days for the CNN spam to reach those volumes. So, I would say that at this point since we have only been tracking this new variant for about 12 hours the lower volumes are no indication of what is to come, but just like in movies, the sequel usually isn't as good as the original...
Posted by smasiello at 1:01 PM | Link | 6 comments
Comments
Re: Here We Go Again: CNN Spam is now MSNBC Spam
I hope that most of the US ISP's like Comcast are blocking this site completely. Once again I have to call up T-mobile to have them credit these spams - this one, though, came through as a picture and not a text message.
Posted by john on August 14, 2008 at 11:28 AM
Re: Here We Go Again: CNN Spam is now MSNBC Spam
I AM VERY GRAETVULL THANKYOU ONE AND ALL
Posted by ken harrison on August 15, 2008 at 8:37 AM
Re: Here We Go Again: CNN Spam is now MSNBC Spam
I've written about this, and have seen dozens of these emails where I work.
http://www.abandonedstuff.com/2008/08/15/msnbc-and-cnn-spamming-you-no-its-a-botnet/
http://www.abandonedstuff.com/2008/08/15/msnbc-and-cnn-spamming-you-no-its-a-botnet/
Posted by Saskboy on August 15, 2008 at 11:45 AM
Re: Here We Go Again: CNN Spam is now MSNBC Spam
Hello partner. Thanks for this valious info. I am victim of this treatened emials in almost all my email accounts. Good to know it!
Posted by Rafael Jimenez on August 16, 2008 at 12:08 PM
Re: Here We Go Again: CNN Spam is now MSNBC Spam
haha ... i got tuns of this in spam folder, but i still wondered what is this spam for, because i thought msnbc.com is a regular website of MSNBC ... well, its not. thanks :)
Posted by running on August 16, 2008 at 12:55 PM
Re: Here We Go Again: CNN Spam is now MSNBC Spam
I was wondering why I had received 154 messages from msnbc in 4 days. Mine looks really realistic, it has an msnbc 08 page banner at the top.
Posted by Elizabeth on September 19, 2008 at 9:11 PM
