Spam Alert: Huge Volumes of Fake CNN News Updates
Heads up on a new, very high volume Fake CNN News Update spam run that is making the rounds. The subject of the email is "CNN.com Daily Top 10." Our Threat Operations Center has seen over 5 million of these just in the last hour alone and over 80 million in the last 24 hours.
Below is a screen shot of the message.

Over the last few weeks we have been seeing large spam runs of what we are calling single-line spam, where an email contains a brief lure based on fake news headlines such as "US track team disqualified from Olympics" or "Beijing Olympics postponed indefinitely" followed by a link. The link in the message leads to a web site offering a "video codec" (er, malware) that the user is prompted to download in order to view the online video.
The tactic being used here is similar to what we saw with the Porntube malware back in June (see the original Porntube blog post), where the user is prompted to download the video codec when the page initially loads. If the user clicks "Cancel" to decline the download, another popup is presented telling them that they have to download the codec to view the video. This endless loop continues until the user kills their browser session at the operating system level or installs the "codec."
This new CNN tactic is likely to be more successful than the single-line spam tactic that we had been seeing over the past several weeks, as this message looks like it could be a news update email sent by CNN. This new message also attempts to trick the user into believing that they signed up to receive it because of their email preference settings at the CNN web site. If you see this message come into your inbox, delete it immediately.
Posted by smasiello at 10:09 AM | Link | 13 comments
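A mail-filter check for the impersonation described above, as an added example that is not part of the original post: it flags a message that presents itself as the "CNN.com Daily Top 10" update while its sender domains or links fall outside cnn.com. The sample message, its `.example` hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_DOMAIN = "cnn.com"               # domain the message claims to come from
LURE_SUBJECT = "cnn.com daily top 10"  # subject line reported in the post

# Constructed sample; hosts are reserved .example names, not real indicators.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "CNN.com Daily Top 10" <newsletter@mailer.example>
Subject: CNN.com Daily Top 10
Content-Type: text/html

<a href="http://video-host.example/cnn/watch.html">Top story</a>
<a href="http://www.cnn.com/preferences">Manage your email preferences</a>
"""

def under_brand(host):
    """True when host is the brand domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def check_message(raw):
    """Return the reasons a CNN-branded message looks spoofed (empty if none)."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    claims_brand = (LURE_SUBJECT in msg.get("Subject", "").lower()
                    or "cnn" in display.lower())
    if not claims_brand:
        return []
    reasons = []
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    for header, addr in (("From", from_addr), ("Return-Path", return_path)):
        domain = addr.rpartition("@")[2]
        if not under_brand(domain):
            reasons.append(f"{header} domain {domain or '(missing)'} is not {BRAND_DOMAIN}")
    # Text of every leaf part; transfer-encoded (e.g. base64) bodies are not decoded here.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r'href="([^"]+)"', body, flags=re.I):
        host = urlparse(url).hostname
        if not under_brand(host):
            reasons.append(f"link points to {host}")
    return reasons

if __name__ == "__main__":
    for reason in check_message(SAMPLE):
        print(reason)
```

The link to the real preferences page passes the check, which is why the lure can include it to look legitimate; the sender domains and the story link are what give the message away.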
Comments
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
And what does it install if you did fall for it? And how do you remove it?
Posted by Nick on August 5, 2008 at 12:02 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
Thank you so much for posting this. I've been stalked and harassed in the past two years and I thought that this was just one more stunt that the stalker was using to intimidate me. I'm sorry that people are being taken in by it but glad that it is not him. The message header in my case revealed this as the return path:
I looked at where the header was from before I opened the email. I had not ever subscribed to CNN email alerts. Thanks again for the heads up. I deleted both without opening them.
Posted by Thanks on August 5, 2008 at 10:22 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
PS
Sorry about the blank space above. I didn't realize that it would not post. Just wanted to give a heads up to people who are receiving this and doing a search just as I did.
Posted by Thanks on August 5, 2008 at 10:23 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
FYI, this spam has also appeared on Facebook; it appears that the trojan, once compromising someone's computer, uses Facebook to spread the attack. Here is a message posted by a friend of mine on every single one of his friends' walls:
"
HEY GUYS GET YOUR GAMING ON!
ENTER AND WIN A PS3 Or Free PLASMA
ITS EASY AND FREE
SIGN UP AT THE URL BELOW
http://img228.imageshack.us/img228/3238/gameonit4.swf
"
Posted by Paul R on August 6, 2008 at 5:34 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
We've been getting a lot of these, despite using a .co.uk domain name - had around 40 or 50 to one email box alone over the last 5 days.
Anyone aware of which scanners/versions will detect the fake codec?
Jonathan
Synergy Connections - Telemarketing Services
Posted by Jonathan on August 7, 2008 at 4:07 AM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I too have received two of these fake CNN top ten spoofs.
After clicking on one story it loaded a Fake Antivirus XP 2008 software which I have partially disabled.
My question is what program or person can help in getting rid of the loaded portion of the program?
Posted by Lee on August 7, 2008 at 1:43 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I have successfully used superantispyware from superantispyware.com; the free version with all updates works very well. Also, I turned off the system restore, rebooted, and turned it back on. This will clear everything. You also may need to find the HKCU/software/microsoft/windows/policies for the reg keys to add back the tabs on your display properties.
Posted by Kevin on August 7, 2008 at 3:23 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
Msg for Lee: If you're worried about the loaded portion, you can use something like HiJackThis to check what is actually being loaded on your system.
Find it here: "http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html"
Posted by Sandi L. on August 8, 2008 at 12:30 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I just received one of these with the headline saying Danica Patrick was killed in a NASCAR test session, be aware out there
Posted by Nick on August 9, 2008 at 12:58 PM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I got one today saying a plane carrying the Yankees had crashed.
Posted by Amy on August 10, 2008 at 6:21 AM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I had this dreaded attack and the only thing that got rid of it was Spybot, which is free.
Posted by Elaine Agee on August 11, 2008 at 11:53 AM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I got one and it said "You subscribed to CNN, click to unsubscribe." I clicked unsubscribe. Does anyone know if my computer is infected?
Posted by amy on August 13, 2008 at 2:23 AM
Re: Spam Alert: Huge Volumes of Fake CNN News Updates
I am getting hell lots of spam from this botnet. Trace guys say that it is being flooded by Rustock... but recently an article published by FireEye says that it's not a single botnet but 2-3 botnets run by the same group.
For more...
http://blog.fireeye.com/research/2008/08/srizbi-and-rust.html
Posted by Yasir on August 19, 2008 at 6:56 AM
