MSNBC, CNN Breaking News Alerts Really Malware

Posted Aug 13, 2008 by Susan Duclos
Millions of spam messages have been sent out using the title CNN Breaking News and now those same spammers are targeting MSNBC replacing the CNN with MSNBC and promising breaking news in their emails. Instead, malware is placed on user's computers.
Malware aka Malicious Software is malicious code that is put onto a user's computer without their consent.
In these latest attacks, people are sent emails which say Breaking News, one such email described the headline as referencing Elizabeth Taylor found murdered in her home, people click the item and a box pops up for the user to download a fake Flash player update and if the user clicks cancel another pop-up comes up stating the player must be downloaded to view the video, if the user clicks cancel again, the original download box returns.
This leaves the user with two options, one to close the browser and two to click the ok to download the update.
If the user clicks ok, they are infected with malware.
As of August 7, 2008, over 80 million messages were sent out in a 24 hour period, averaging 5 million per hour.
It started with fake CNN Breaking News alerts and now MSNBC is saying they are using their name in the headlines for these email spam attacks.
The spam unleashed Wednesday follows a massive campaign last week in which spammers impersonated That campaign saw 250 million spam messages sent in one intense 24 hour period, according to spam-fighting firm MX Logic Inc. Those e-mails appeared to include links to CNN's top 10 stories, but Internet users who were tricked into clicking on those links were sent instead to Web sites overseas that were booby-trapped with malicious software.
Recipients should immediately delete any unexpected e-mails purportedly from CNN, or any other firm that they haven’t done business with and authorized to contact them.
Reports say that this latest spam attack campaign is more likely to work than previous ones did because they look like real MSNBC or CNN news alerts, which people often click to read and watch video that is inside the email.
TVNewswer provides an example of one of the emails sent to their email inbox and it appears legitimate with the MSNBC privacy statement, address etc.... it mimics their real alerts.
Adobe blog has issued an alert and warning about installing Flash Player updates to "reiterate the importance of validating installers and updates before installing them", they also suggest never updating your installer unless you do it from their Adobe site on their install page which can be found here.