Tuesday, August 12, 2008

Nasty New Form of Spam: CNN News Alerts

I have received a handful of these in the past few days, messages that look like they could be a CNN news alert that I had signed up for, except I hadn't.

The subject = "Breaking news" and spammers have designed them like this because many of us humans find it hard to resist a breaking news story. This means a lot of people may open these messages before the spam filters and malware detectors are updated and the security staff get out the word to the troops.

The link inside these messages can be quite goofy, like "Titanic sinks again in 2008." But some people will fall for them. And when they click on the story link they will probably find themselves on a web site in Russian or China. They will then get a message saying that, in order to view the video of the news story, they need to download new video player software. A convenient download is provided, but the software it sends you is a Trojan that takes compromises your system. These messages come hot on the heals of the "Daily Top Ten" from CNN that were very convincingly crafted (including an unsubscribe link that actually appeared to work).

There are only two things that will stem the tide of this garbage:

a. Widespread improvement in the general standards of human behavior.
b. Widespread adoption of new email standards.

Sadly both a and b still appear to be a long way off.

No comments: