SPAM targets CNN Top-10 List emails

On August 8th, a massive spam campaign was discovered: millions of people all over the world had clicked on emails posing as "CNN Top-10 Lists" and picked up viruses from them. As reported by ComputerWorld.com, 11 million people were clicking every hour on Thursday the 7th; by the 8th, it was down to 8 million per hour.

An important development came some time during the following week, when the virus morphed into a "CNN Custom Alert". The ComputerWorld.com article goes on to describe how the virus takes names from real news stories and uses them as links to a fake CNN site, which then asks the user to download an updated Adobe media player. That download installs spyware and other viruses on the computer.

The article talks with Bulgarian security researcher Dancho Danchev, who had found over 1,000 domains that were harboring the fake Flash media player. He later suggests that these hackers did a great deal of reconnaissance on sites and worked out the soft points where the viruses could easily be placed.

As I read this article, the feeling that came to me was that this might have been the beginning of a new wave of spam and viruses. The key to successfully avoiding these social engineering attacks (like phishing, these attacks appeal to our interest in current events) is to not click on them. Or you could do what I do:

  • Never click on URLs from first-time or suspicious senders.
  • Use a Mac. Most of these attacks leverage weaknesses in Windows.
  • Use challenge-response for email security (Sendio).