Thu, 07 Aug 2008 Fake CNN news malware spreading fast
Over a thousand hacked sites are serving up fake Flash Player software
Over a thousand hacked sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said Wednesday.
The bogus messages, which claim to be from the CNN.com news website, include links to what are supposedly the day's Top Ten news stories and Top Ten news video clips from the cable network. Clicking on any of those links, however, brings up a dialogue that says an incorrect version of Flash Player has been detected, and tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Colorado-based security company MX Logic Inc.
One distinguishing feature of the attack, Masiello added, is the endless loop it uses to frustrate victims. If user clicks "Cancel" in the dialogue that prompts for an update, another pop-up appears, said Masiello, that tells the victim that they have to download it to view the video. Clicking "Cancel" there returns the user to the first dialogue.
"It puts you in this perpetual loop, so your only options are to kill your browser session or be brow-beaten into installing it," said Masiello.
MX Logic has detected more than 160 million spam messages in the fake CNN.com attack in the last 48 hours, he said. "It's not slowed down at all."
Tuesday, Bulgarian security researcher Dancho Danchev reported finding more than 1,000 hacked sites hosting the fake Flash Player update.
Hackers are getting brazen, he added, and apparently aren't afraid to disclose URLs of the sites they've compromised by embedding them in the spam they're spreading. "Malicious attackers have been building so much confidence in this risk-forwarding process of hosting their campaigns, that they would start actively spamming the links residing within low-profile legitimate sites across the web," Danchev said in a blog post Tuesday.
Adobe is aware of the malware posing as its Flash Player, and on Monday warned users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
People who okayed the download of the bogus flash.exe file, said Danchev, instead received a Trojan horse -- identified by multiple names, including Cbeplay.a -- that in turn "phones home" to a malicious server to grab and install additional malware.
Masiello said MX Logic is still investigating, and has not been able to pin down what malware -- other than the fake Flash Player -- was actually installed on victims' PCs.
Contact Us
DiggEmail A Friend
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
Permalink This Article
This articles permalink is:
http://www.macworld.co.uk/education/news/index.cfm?RSS&NewsID=22323
<<prev article | back to news index | next article>>
Do you share your creations online? % of Macworld readers agree with you What do you create and how do you share it? Follow the conversation at @TabletChat paintings & illustrations, mostly, which i upload to flickr.RT @fragmentedm I draw manga/anime characters. I also do graphic design and photography.RT @spialelo Yes. I usually put them up on my #deviantart account for feedback on how to improve.RT @spialeloQuestion of the day!
Latest News
- Apple intros Aperture 3, adds over 200 new features
- Walt Disney World iPhone update offers 300 pages, 500 photos
- VIP iPhone app drops from millionaire priced £279.99 to under a tenner
- Play.com: Google Nexus One now available for pre-order
- Amazon's Kindle gets ready to battle Apple's iPad
- Apple Store is down, new Macs imminent?
- Canon intros EOS 550D 18-megapixel DSLR camera
- WSJ: Apple could slash iPad prices if sales disappoint
- Apple offers 'find out how' tutorials as podcasts
- Adobe says sorry for 16-month-old Flash bug
- Getty launches subscription stock image service, Thinkstock
- RouteBuddy intros RouteBuddy Atlas 1.3 for iPhone, iPod touch
iPhone 3G S Video Review
Related News
- Rosetta Stone offers new language-learning levels in French, Italian, German, Spanish
- Wacom intros PL-2200 widescreen interactive pen display
- iPad to feature Apple's iBooks e-reader app
- BETT Awards 2010: Winners announced
- CES: COOL-ER intros new ebook models
- CES: Hands-on with dual-screen Alex ebook & Android touchscreen display
- Google joins BETT 2010 line-up
- First iPhones-for-pupils scheme to aid learning launched
- Bebo is worst social network for cyberbullying
- TeachMe: Kindergarten 1.0 comes to iPhone, iPod touch
Mac Broadband?
Search news
Search Google
Newsletter signup
It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.
Register now
Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.
RSS
Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.
MACWORLD MARKETPLACE
 |
Computer & Laptop |
 |
Are you a new customer? Are you doubtful? |
 |
Circus Ponies NoteBook - the easy way to get organized on the Mac |
 |
50% off ebooks |
 |
Beat the Credit Crunch - Lease your Mac from Hardsoft. |
Comments received
Oskar_B said on Thu, 07 Aug 2008
I have been receiving these emails for about 10 days now, at least once a day.
They all go straight into the Junk bin.
Jeanv said on Thu, 07 Aug 2008
I have been getting them for over a week as many as 12 a day - straight to junk
Andy Frizzell said on Fri, 08 Aug 2008
They've changed this morning from Daily Top 10 to CNN Alerts in the From field.
David said on Sat, 09 Aug 2008
Wasn't sure if I'd signed ip for alerts or not, so typed "cancel CNN alerts" into browser, went onto the CNN site to login, and found I didn't have an account. Thought the alerts were suspicious - I never risk clicking on links unless I'm sure they're kosher
Terry Bean bean webs and bean designs said on Sat, 09 Aug 2008
Two of my clients have caught this. One had to buy a new computer!. It downloads the spyware/virus XP Antivirus 2008 which will tell you you have a virus and prompt you to renew your subcription. If even creates a fake Blue screen of death and embbeds itself deep into the registry and windows folders.
Removal is almost impossible but will be publishing a link to a tool as soon as we have tested the toolf itself for malware!!
Terry Bean bean webs and bean designs said on Sat, 09 Aug 2008
Two of my clients have caught this. One had to buy a new computer!. It downloads the spyware/virus XP Antivirus 2008 which will tell you you have a virus and prompt you to renew your subcription. If even creates a fake Blue screen of death and embbeds itself deep into the registry and windows folders.
Removal is almost impossible but will be publishing a link to a tool as soon as we have tested the toolf itself for malware!!
Terry Bean bean webs and bean designs said on Sat, 09 Aug 2008
Two of my clients have caught this. One had to buy a new computer!. It downloads the spyware/virus XP Antivirus 2008 which will tell you you have a virus and prompt you to renew your subcription. If even creates a fake Blue screen of death and embbeds itself deep into the registry and windows folders.
Removal is almost impossible but will be publishing a link to a tool as soon as we have tested the toolf itself for malware!!
Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.
Click here for the latest reader comments