Security Labs



Bogus CNN Custom Alert update: "BREAKING NEWS"


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new replica wave of ' - BREAKING NEWS' alerts that are being sent out in spam emails. As in the previous 'Bogus CNN Custom Alerts' attacks, these emails contain links to a legitimate news page, but are designed to encourage users to download a malicious application posing as a video codec.

Over the last few days, the ThreatSeeker Network has seen huge volumes of spam wrapped in CNN-themed templates, most recently email alerts that list popular events and news articles and also encourage users to download a video codec, which is actually a malicious file. Here is a screenshot of a sampled spam email:

The malicious payload is only accessed when the user clicks on the ‘’ link, which leads to a Web page named up.html. This page issues a pop-up encouraging the user to download a ‘missing’ video codec, a file called adobe_flash.exe.

Here is a screenshot of the up.html page showing the pop-up and download window:

up.html obfuscated source code:

Here are a few examples of the varied subjects we have seen in this campaign:

- BREAKING NEWS: Michael Phelps wins 10th career gold, making him the winningest Olympian in history
- BREAKING NEWS: China beats out U.S. for gold in women's team gymnastics
- BREAKING NEWS: Dark Knight establishes dominance with 400 million mark
- BREAKING NEWS: How to save money on gas
- BREAKING NEWS: Preliminary polls for the election
- BREAKING NEWS: McDonald's found to breach FDA regulations, suspended from trading
- BREAKING NEWS: Jury duties for you
- BREAKING NEWS: Find out how to get top returns for your money at minimum risk
- BREAKING NEWS: Abortion outlawed in California
- BREAKING NEWS: Buy gold at lowest prices and make immediate profits
- BREAKING NEWS: Anthrax case solved
- BREAKING NEWS: Arsenal buys Ronaldo from Man Utd
- BREAKING NEWS: Too much freedom will destroy America
- BREAKING NEWS: Copycat murderer beheads woman on Greyhound bus
- BREAKING NEWS: NASDAQ index gains 720 points overnight upon war announcement
- BREAKING NEWS: Sony announces replacement to successful PSP gaming system
- BREAKING NEWS: Americans loves to sue people
- BREAKING NEWS: Please give your opinions for change
- BREAKING NEWS: Sandwich recall amid Salmonella outbreak
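A mail-filter heuristic built from the indicators this alert gives (the "BREAKING NEWS:" subject wording, the up.html landing page and the adobe_flash.exe file name), as an added example that is not Websense code. The sample messages, the example.test hosts, the link text and all function names are constructed for illustration; a message is flagged only when the subject and a lure link occur together, so mail that merely shares the subject wording passes.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBJECT_RE = re.compile(r"\bBREAKING NEWS:", re.IGNORECASE)
LURE_FILES = {"up.html", "adobe_flash.exe"}  # file names reported in the alert

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def score_message(raw):
    """Return the list of campaign indicators found in one raw message."""
    msg = message_from_string(raw, policy=default)
    reasons = ["subject"] if SUBJECT_RE.search(msg["Subject"] or "") else []
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_content())
    for href in links.hrefs:
        try:
            name = urlsplit(href).path.rsplit("/", 1)[-1].lower()
        except ValueError:  # malformed URL: nothing to match on
            continue
        if name in LURE_FILES:
            reasons.append("link:" + name)
    return reasons

def is_campaign(raw):
    """Flag only when the subject and a lure link are both present."""
    reasons = score_message(raw)
    return "subject" in reasons and any(r.startswith("link:") for r in reasons)

def sample(subject, html):  # builds a constructed test message
    return ("From: alerts@example.test\nSubject: " + subject + "\nMIME-Version: 1.0\n"
            "Content-Type: text/html; charset=utf-8\n\n" + html)

SPAM = sample("BREAKING NEWS: How to save money on gas",
              '<a href="http://news.example.test/">news</a> '
              '<a href="http://host.example.test/up.html">link</a>')
BENIGN = sample("BREAKING NEWS: Preliminary polls for the election",
                '<a href="http://news.example.test/index.html">news</a>')
```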

Websense Messaging and Websense Web Security customers are protected against this attack.