Don’t fall for "CNN Alerts: My Custom Alert" malware spam

Bogus and malicious emails claiming to be from CNN started showing up on Monday, Aug. 4. With a subject line of “CNN Alerts: My Custom Alert” or “CNN.com Daily Top 10,” these fairly legitimate-looking emails have message bodies with text like “Coup demonstration in Mauritania.”

Most of the links in the email go back to CNN, except for the one that says “FULL STORY.” That’s the baddie. If you click the link, it takes you to a real-looking Web site (one I checked had the URL “cabinob.net/cnnheadlines.html”) that claims you need to install the latest version of the Flash video player — but it has a link to a fake version of Flash with embedded malware.

If you decline, it keeps asking over and over again, until you either install it or force-quit your browser.

Since the initial appearance, I’ve received hundreds of these messages, with increasing sophistication. Be advised: don’t be fooled. Don’t click it, don’t install it.

CNN took the unusual step of acknowledging this spam on its “Behind the Scenes” blog on Friday, Aug. 8. However, the message doesn’t go far enough: it doesn’t warn viewers that this isn’t just spam, but that it installs malware:

http://behindthescenes.blogs.cnn.com/2008/08/08/fraudulent-spam-about-cnncom/

Earlier this week, a spam message purporting to be from CNN began circulating the Internet. We decided to blog about this to alert those of you who hadn’t yet received it to be on the lookout for it; and also to assure those of you who did receive it that the message was NOT, in fact, from CNN.

As you may know, spammers often disguise or forge the source of their e-mail to give recipients the impression that the message derived from another system, especially one tied to a recognizable brand. In this instance, the spammer chose to use the CNN brand.

The message, claiming to contain CNN’s Top 10 news stories and videos of the day, is fraudulent and did not originate from CNN. If you have received it, we suggest that you delete it from your mailbox. Further, we recommend you delete any e-mail message from your mailbox that you believe may be illegitimate.

Thanks to all of you out there who alerted us to the existence of this spam purporting to be from CNN.

Posted by: CNN Public Relations
