Wednesday December 3, 2008 8:01 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"trend is good antivirus software."
on Trend Micro OfficeScan Client/Server Edition
by jack | Dec 3, 2008 7:02 AM
 
"I feel it with you guys. These irritating interruptions on privacy MUST be stopped. It is a ..."
on Yahoo and Microsoft take aim at lottery scams
by Jan Wilmans | Dec 2, 2008 7:11 PM
 
"My AVG WILL NOT UPDATE"
on AVG update deletes critical Windows file
by James Downs | Dec 2, 2008 5:58 AM
 
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
Email Security

Faked CNN spam blitz pushes fake Flash

  • Email a Friend
  • Print Page
Related Articles
By INQUIRER Staff
Aug 8, 2008 9:59 AM | 1 Comment
Tags: Faked | CNN | spam | blitz | fake | Flash
Alerts pretending to have been sent from CNN are spam that lures wibblers to over 1,000 hacked websites.

The spam emails contain links to what are claimed to be CNN's Top 10 news stories and video clips.

However, clicking on any link launches a dialogue saying that the user has an obsolete version of Flash Player and needs to download an updated version, according to Sam Masiello, VP of MX Logic, a Denver security company.

MX Logic detected more than 160 million fake CNN spam messages transmitted within 48 hours earlier this week.

The dialogue goes into an endless loop if the user clicks the "Cancel" button to disallow the update, forcing victims to either kill their browser session or accept the download, he said.

If the user accepts the download of the fake Flash Player update, they don't get an updated version of that but instead receive a Trojan with any of several names, including Cbeplay.a, which then "phones home" to a malicious server to download and install yet more malware, according to Bulgarian security researcher Dancho Danchev.

On Tuesday, Danchev reported having discovered more than 1,000 hacked websites hosting the fake Flash Player malware.

Adobe is aware of the malware masquerading as a Flash Player update and it has warned users in a company security bog entry not to download updated versions of Adobe software from anywhere other than its own website.

theinquirer.net (c) 2008 Incisive Media

 
Ads by Google
Thoughts on this article? Add a comment below.
Comments: 1
This email scam is very annoying, I am getting about 30-50 emails a day. People who develop these problems should be serverely punished. I love using my computer and these issues detract from the experience. Shame on the developers.
SC Magazine - comments icon Posted by JennyAug 12, 2008 11:38 AM
Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Messaging Whitepapers
 
Popular Tags
addresses adobes email facebook fake flash identity levels major malware network player profiles recession record scam spam srizbi virus warning