Hackers trying to plant malware on PCs have switched from touting CNN news in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today.
The fake messages pose with subject headings that include the phrase "Breaking News," along with phony news story headlines, such as " Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heath Ledger's death," and "Plane crashes into prep school, hundreds of kids killed," said researchers at F-Secure Corp. and Sophos Plc.
Last week, security vendors had warned users of a massive scam that used messages masquerading as news alerts from CNN. At its peak, the blitz dumped nearly 11 million messages an hour on users. The criminals who launched that attack are also behind today's switch to MSNBC, said Sam Masiello, MX Logic's vice president of information security. "Typically we see copycats shortly after a major campaign, but this was sent by the same people," said Masiello. Like the CNN spam, the MSNBC messages include links claiming to offer the complete news story. People who click on those links, however, reach a faux-CNN site where a dialog box claims an update to Adobe System's Flash Player is necessary to view a video clip. The bogus update -- named "adobe_flash.exe," according to Masiello -- is actually a Trojan horse identified by security vendors as "EncPk-DA" and "Exchanger.mn" among other names. The Trojan, in turn, "phones home" to a malicious server to grab and install more malware.
The MSNBC campaign may just be getting started, said Masiello, who estimated the volume at mid-day Wednesday at between 1.5 and 2 million messages per hour. "But remember, it took about three days for the CNN spam to peak," he said.
One clue that the new spam is from the same group is that the page popping up when users click on the malicious links contains the CNN logo, not MSNBC's. The CNN spam and malware enticements prompted Adobe last week to issue a warning to PC users.
"Do not download Flash Player from a site other than Adobe.com," said David Lenoe, the company's product security program manager, in an entry on a company blog.
"If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Taking On Demand CRM Integration to the Next Level
Best Practice in Building an Integrated Information Management Strategy
Everything you need to know about email and web security (but were afraid to ask)
Controlling storage costs with Oracle database 11g
Email Archiving 101—Customer Case Study
How to improve employee productivity in small and medium businesses
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 2008-12-04 15:04:00+11
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 2008-12-04 13:34:00+11
Everything you need to know about email and web security (but were afraid to ask)
What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
Buying Guides
