Security Labs


  digg   |   |     reddit
  newsvine   |     furl   |     technorati

Bogus CNN Custom Alerts


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ network has discovered replica CNN Custom Email Alerts being sent out via spam emails. These emails contain links to a legitimate news page, but have been designed to encourage users to download a malicious application posing as a video codec.

Over the last few days, the ThreatSeeker Network has seen huge volumes of spam wrapped up in CNN-themed templates - most recently email alerts listing the Daily Top 10 Stories and Videos, which also encouraged users to download a video codec (again a malicious file).

The bogus CNN Custom Alerts spam we have been seeing today typically look like the following:

The malicious payload is only accessed when the user clicks on the ‘FULL STORY’ link - the first link behind the story title leads to a legitimate news page hosted on CNN. The news story is a recent article centered around the Beijing Olympics.

The ‘FULL STORY’ link takes users to a Web page by the name of cnn****.html. This issues a pop-up encouraging users to download a ‘missing’ video codec, a file called adobe_flash.exe.

The cnn****.html page with popup:


 cnn****.html obfuscated source code:


Our Security Labs have also seen evidence of this campaign and recent others being distributed via blog spam to further increase the chance of success:

Websense Messaging and Websense Web Security customers are protected against this attack.