Fake Spam Allegedly Offers MSNBC News
Sophos reported that a new surge of hazardous spam messages is being distributed, purporting to offer breaking news from MSNBC. Samples of the e-mails intercepted at SophosLabs reveal that, instead of linking to the news story on MSNBC, the URL inside the e-mails diverts users who click it to a malware-tainted web page that tries to infect their computers.
Sophos also added that the e-mails carry various headlines such as "McDonald's found to breach FDA regulations, suspended from trading" and "Mary-Kate Olsen responsible for Health Ledger's death."
Moreover, says Sophos, the MSNBC messages claim to provide the entire news stories. But recipients who click the associated links end up on a faux-CNN website where a box appears saying that a revised version of Adobe Systems Inc.'s Flash Player is required to watch a clip.
According to Sam Masiello, Vice President of Information Security at MX Logic Inc., the phony Flash Player update, named adobe_flash.exe, is in fact a Trojan that security vendors have identified as Exchanger.mn and EncPk-DA. This Trojan connects to a malicious server to install additional malware. ComputerWorld reported this on August 13, 2008.
Earlier, during the first week of August 2008, similar e-mail messages allegedly contained links to current news reports on CNN.com; however, when recipients clicked, they reached a malware-laden site that downloaded malicious programs onto their systems.
Sophos confirmed that the same gang is behind both scams, since it has found the same payload in both outbreaks. One hint that the recent spam is the work of the same gang is that when users follow the links, the page that pops up contains not the MSNBC logo but the CNN logo.
According to David Lenoe, Product Security Program Manager at Adobe, users should avoid downloading Flash Player from any site other than Adobe.com. Lenoe suggested that if a notice asks to install an update, it is better to visit the program vendor's website directly and pull down the update from there. However, if the install relates to an unknown URL/IP address, then the user should be on alert, as reported by ComputerWorld.
» SPAMfighter News - 27-08-2008