Spammers are inundating inboxes with fake breaking news e-mails that lead to spoofed Web sites of CNN.com and MSNBC.com.
Last week spammers tried to spoof CNN.com breaking news e-mails that, when clicked on, took users to a spoofed Web page where malicious code was downloaded. This week, hackers are spamming MSNBC.com breaking news e-mails, according to eWeek.com .
The best advice for users–be careful what you click. The spoofed MSNBC messages try to entice victims with provocative subject heads, such as “msnbc.com - BREAKING NEWS: McCain told lies to win votes” and “msnbc.com - BREAKING NEWS: Jerry Yang relinquishes control over Yahoo.”
MX Logic believes the spammers behind the CNN.com e-mail ruse are the same behind the MSNBC.com e-mail scam.
Once a victim has clicked the link embedded within the e-mail, they are taken to a malicious Web page where further malware is downloaded onto the victim's computer. Typically, the user is taken to a Web page telling the victim that they need to install FlashPlayer. The victim has two options: kill his browser session or click the OK button. Doing the latter installs the malware.
Security researchers at MX Logic say the spammers sent over 250 million fraudulent CNN.com e-mails in one day last week. The spoofed MSNBC.com e-mails this week have come in waves of 1.5 to 2 million an hour, according to MX Logic's security blog.