Published on Security Management (http://www.securitymanagement.com)
Beware MSNBC.com Breaking News Spam E-mails
By Matthew Harwood
Created 08/15/2008 - 09:41



    
Wrap-Up?: 
No
Weight: 
0
Lead Headline?: 
No
Date: 
08/15/2008
By Line: 
By Matthew Harwood
Teaser: 
Spammers are inundating inboxes with fake breaking news e-mails that lead to spoofed Web sites of CNN.com and MSNBC.com. 


Last week spammers tried to spoof CNN.com breaking news e-mails  [1]that, when clicked on, took users to a spoofed Web page where malicious code was downloaded. This week, hackers are spamming MSNBC.com breaking news e-mails, according to eWeek.com [2].


The best advice for users–be careful what you click. The spoofed MSNBC messages try to entice victims with provocative subject heads, such as “msnbc.com - BREAKING NEWS: McCain told lies to win votes” and “msnbc.com - BREAKING NEWS: Jerry Yang relinquishes control over Yahoo.”




MX Logic believes [3] the spammers behind the CNN.com e-mail ruse are the same behind the MSNBC.com e-mail scam.


Once a victim has clicked the link embedded within the e-mail, they are taken to a malicious Web page where further malware is downloaded onto the victim's computer. Typically, the user is taken to a Web page telling the victim that they need to install FlashPlayer. The victim has two options: kill his browser session or click the OK button. Doing the latter installs the malware.


Security researchers at MX Logic say the spammers sent over 250 million fraudulent CNN.com e-mails in one day last week. The spoofed MSNBC.com e-mails this week have come in waves of 1.5 to 2 million an hour, according to MX Logic's security blog.


Related Resources: 
"Don't Fall for Angelina Jolie Spam [4]," by Matthew Harwood, Daily Headlines, July 18, 2008


"Watch Out for World War III, Say Security Experts [5]," by Matthew Harwood, Daily Headlines, July 14, 2008


"Security Patch Stops Spoofing [6]," by Matthew Harwood, Daily Headlines, July 11, 2008


Comments


    

    




  
Security Management is the award-winning publication of ASIS International, the preeminent international

organization for security professionals, with more than 37,000 members worldwide.


ASIS International, Inc. Worldwide Headquarters, 1625 Prince Street, Alexandria, Virginia 22314-2818 U.S.A.

703-519-6200 | fax 703-519-6299 | www.asisonline.org


ASIS


© 2012 Security Management

This site is protected by copyright and trade mark laws under U.S. and International law.

No part of this work may be reproduced without the written permission of Security Management.








    

    
Source URL: http://www.securitymanagement.com/news/beware-msnbc-com-breaking-news-spam-e-mails-004502

    
Links:
[1] http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111858

[2] http://www.eweek.com/c/a/Security/Security-Firms-Warn-of-Hackers-Spoofing-MSNBC-News-Alerts/

[3] http://www.mxlogic.com/itsecurityblog/index.cfm

[4] http://www.securitymanagement.com/news/dont-fall-angelina-jolie-spam-004371

[5] http://www.securitymanagement.com/news/watch-out-world-war-iii-spam-say-security-experts-004360

[6] http://www.securitymanagement.com/news/security-patch-stops-spoofing-004358