NEWS FROM THE LAB - Wednesday, August 13, 2008

MSNBC / CNN Malware Run Posted by Mikko @ 15:03 GMT

For some days we've been seeing spam runs with titles such as "CNN Alerts: My Custom Alert" or "CNN Alerts: Breaking news". These are fake news articles that point to a fake news page that will try to download malware to your machine.

Apparently people stopped clicking on fake CNN links as today the attackers switched the e-mails that look as if they are now coming from MSNBC.

Some examples:


Example e-mail:

  • From: MSNBC Breaking News
    Subject: msnbc.com - BREAKING NEWS: Elvis Presley daughter gives birth to twins
    Precedence: list

    msnbc.com: BREAKING NEWS: Elvis Presley daughter gives birth to twins
    Find out more at http://breakingnews.msnbc.com
    See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.
    This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
    newsletter because you subscribed to it or, someone forwarded it to you.
    To remove yourself from the list (or to add yourself to the list if this
    message was forwarded to you) simply go to
    http://www.msnbc.msn.com/id/11611202, select unsubscribe, enter the
    email address receiving this message, and click the Go button.
    Microsoft Corporation - One Microsoft Way - Redmond, WA 98052
    http://privacy.msn.com (http://privacy.msn.com/)

And the links point to a web page looking like this (notice the sudden change from MSNBC to CNN):


The site tries to prompt you to download ADOBE_FLASH.EXE, which we detect as Trojan-Downloader.Win32.Exchanger.mn.