Bogus CNN Custom Alerts
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ network has discovered replica CNN Custom Email Alerts being sent out via spam emails. These emails contain links to a legitimate news page, but have been designed to encourage users to download a malicious application posing as a video codec.
Over the last few days, the ThreatSeeker Network has seen huge volumes of spam wrapped up in CNN-themed templates - most recently email alerts listing the Daily Top 10 Stories and Videos, which also encouraged users to download a video codec (again a malicious file).
The bogus CNN Custom Alerts spam we have been seeing today typically looks like the following:
The malicious payload is only accessed when the user clicks on the ‘FULL STORY’ link - the first link behind the story title leads to a legitimate news page hosted on CNN. The news story is a recent article centered around the Beijing Olympics.
The ‘FULL STORY’ link takes users to a Web page by the name of cnn****.html. This issues a pop-up encouraging users to download a ‘missing’ video codec, a file called adobe_flash.exe.
The cnn****.html page with pop-up:
cnn****.html obfuscated source code:
Our Security Labs have also seen evidence of this campaign and recent others being distributed via blog spam to further increase the chance of success:
Websense Messaging and Websense Web Security customers are protected against this attack.
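The link layout described in this alert (a title link to a legitimate CNN page beside a 'FULL STORY' link that leads elsewhere) can be checked for in a mail filter. The Python below is an added example, not code from Websense; the function names, the `BRAND_DOMAIN` setting and the sample message body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "cnn.com"  # assumed setting: the brand the template imitates

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def on_brand(href, brand=BRAND_DOMAIN):
    """True when the link host is the brand domain or one of its subdomains."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def suspicious_links(html_body, brand=BRAND_DOMAIN):
    """Return off-brand links from a message that also carries on-brand links."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    web = [(t, h) for t, h in parser.links if urlsplit(h).scheme in ("http", "https")]
    if not any(on_brand(h, brand) for _, h in web):
        return []  # no genuine brand link present, so not the mixed pattern
    return [(t, h) for t, h in web if not on_brand(h, brand)]

# Constructed sample body; hosts and paths are placeholders, not campaign data.
SAMPLE = """
<a href="http://www.cnn.com/2008/placeholder/index.html">Constructed story title</a>
<p>Summary text. <a href="http://landing.example.test/placeholder.html"> FULL
STORY </a></p>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The suffix match requires a leading dot, so hosts that merely contain the brand string (for example as a left-hand label of another domain) are still reported as off-brand.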