0 Replies Latest reply on Aug 8, 2008 11:42 AM by HarryWaldron

    Fake CNN News email alerts are circulating extensively

      As multiple copies have been received, these fake CNN email alerts are circulating extensively. These realistic HTML based email messages appear almost legitimate, although some of the headlines have been sensationalized.

      As an additional social engineering approach, the "get the latest flash" to view the videos may be something users have encountered in the past, with legitimate Flash upgrades. These realistic messages should be avoided and when in doubt go directly to the mail CNN website, rather than trusting the legitimacy of an email message.

      Fake CNN News email alerts are circulating extensively
      http://blog.trendmicro.com/new-trojan-bait-cnn-videos/
      http://isc.sans.org/diary.html?storyid=4841
      http://sunbeltblog.blogspot.com/2008/08/fake-cnn-headlines.html

      QUOTE: This recent spam run looks fairly legit. It even comes with a tag line ”More videos, More news, More people saying: I just saw it in CNN.com” in the footer area -- perhaps to make it appear that the email is pushing a genuine CNN campaign. Both varieties though, appear to point to the download of the same file, get_flash_update.exe, in order to view the videos referred to in the spammed email.