Stephen Withers
Monday, 18 August 2008 05:24
There's a good chance that you've seen at least one of the spoofed CNN or MSNBC spam messages that are doing the rounds - as many as 5 million of them are being sent per hour.
The spoofed messages are modelled on CNN and MSNBC alerts and feature headlines that are calculated to attract attention by tapping interest in celebrities, politics and other current issues.
Some of the headlines used are outlandish, but there seems to be a trend to make them more believable. Recent examples include "Wildfires hit Arizona: leave thousands homeless" and "Cruise steals show in new Stiller movie".
The falsely described URLs in these messages lead to pages that attempt to instal malware on the victim's computer, typically in the guise of a codec supposedly needed to watch the video.
Examples we've seen appear to have originated from (most likely malware-infected) systems in the .br, .com, .in and .tw domains, and point victims to hijacked sites with .com, .es, .pl, and .ru URLs. That last TLD (.ru) is especially common in the spoof CNN alerts.
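The mismatch described above, between what a link claims to be and the host it actually points to, can be checked mechanically in a mail filter. The following is an added example, not code from the article or from Websense; the brand-domain list, the `claimed_brand` parameter and the sample hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely belonging to each brand.
BRAND_DOMAINS = {"cnn": ("cnn.com",), "msnbc": ("msnbc.com", "msn.com")}

# Constructed sample body; the hosts are placeholders, not real indicators.
SAMPLE = """
<a href="http://hijacked-site.example/cnnvideo.html">Wildfires hit Arizona: leave thousands homeless</a>
<a href="http://www.cnn.com/video/">More video at CNN.com</a>
<a href="http://cnn.com.player.example/watch">http://www.cnn.com/video</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body, claimed_brand=None):
    """Flag links presented as a brand's (by text or claimed sender) whose host is off-brand."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = parts.hostname or ""  # urlsplit lowercases the hostname
        if parts.scheme not in ("http", "https"):
            continue
        for brand, domains in BRAND_DOMAINS.items():
            claimed = brand == claimed_brand or brand in text.lower()
            # Suffix match on a dot boundary, so cnn.com.player.example is off-brand.
            on_brand = any(host == d or host.endswith("." + d) for d in domains)
            if claimed and not on_brand:
                findings.append((brand, host, text))
    return findings
```

Passing `claimed_brand` (taken, for instance, from the From display name) catches headline-only links whose text never names the brand; without it only links whose visible text mentions the brand are compared.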
"Another dangerous aspect of these CNN and MSNBC emails is the intensity with which the messages have been sent," said Chris Astacio, a security researcher at Websense. "In this campaign alone, our Threatseeker Network has seen as many as 5 million messages sent, per hour, from multiple hosts worldwide."
5 million sounds a lot, but is it?