Slashdot Mirror


Faux-CNN Spam Blitz Delivers Malicious Flash

CWmike writes "More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today. The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a fake newer edition, which delivers a Trojan horse — identified by multiple names, including Cbeplay.a — that 'phones home' to a malicious server to grab and install additional malware."

10 of 213 comments

  1. IE7 Scam by nurb432 · · Score: 5, Funny

    There is another similar one pushing 'IE 7 is now available for download' from 'Microsoft'.

    ya.. right...

    --
    ---- Booth was a patriot ----
  2. Re:Ahhh, that explains it by Anonymous Coward · · Score: 1, Funny

    1995 called, they asked if "for(;;)alert("ha ha");" still f**ks current browsers for the average user?

  3. What, no CNN link? by Chris+Pimlott · · Score: 3, Funny

    I can see the headline now: "We're not spamming you (really)"

    1. Re:What, no CNN link? by Anonymous Coward · · Score: 1, Funny

      Well, between the trojan and the flash and javascript nightmare which crashes some browsers that is cnn.com, I suspect most people are choosing the virus. There's no point in putting it up on the website.

  4. Sourceforge harvested, gmail bounced it by coljac · · Score: 3, Funny

    This spam helped me find a bug in my procmail recipe - this was sent to my Sourceforge email address (never had spam there before), and was forwarded on to Google which bounced it as an illegal attachment. Kudos to Google for being on the ball.

    The 1,200 recursive bounce messages that ensued were no-one's fault but my own. :)

    --
    Everyone knows that damage is done to the soul by bad motion pictures. -Pope Pius XI
  5. Re:snooze by humphrm · · Score: 2, Funny

    There's absolutely no reason such a functionally identical attack would not work against any operating system you care to name

    Mac OS X.

    Running on an iPhone.

    A non-3G iPhone.

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  6. Linux Sux by Jafar00 · · Score: 5, Funny

    It's unfair. I clicked the link in the email, and it told me to update flash, but the flash updater I downloaded from their site doesn't work on my computer.

    How am I supposed to see the CNN videos if they don't make a linux version? Linux sux, I'm going back to windows. :(

    --
    RebateFX.com - Spread rebates for Forex traders
  7. Re:Faux-CNN Spam Blitz Delivers Malicious Flash? by wik · · Score: 4, Funny

    Please God, no. Nobody wants Wolf flashing us.

    --
    / \
    \ / ASCII ribbon campaign for peace
    x
    / \
  8. Re:Ahhh, that explains it by cayenne8 · · Score: 2, Funny

    Well...you gotta figure pretty much anything from CNN is spam, and is to be ignored, or at least viewed with suspicion....

    :-)

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  9. Ugggh! by alcmaeon · · Score: 2, Funny

    I read the title and I got an image of Bill O'Reilly and Anderson Cooper mooning everybody. Now I need to go scrub my brain with lye soap.