I read about this on Slashdot recently, and then in the last day or so I’ve gotten a dozen or so emails claiming to be from CNN Alerts. They all had subject lines that read “CNN Alerts: My Custom Alert” or “CNN.com Daily Top 10”.
I knew right away that something wasn’t right about this because I have my CNN preferences set to use plain text instead of HTML in emails, and this one is in HTML.
Each of them contains CNN headlines and a link to view the story. The links end up going to a wide variety of sites that are, in fact, not CNN. When you get to one of these sites, an alert pops up:
If you click “OK”, it will indeed download something, but it’s not really an updated version of Flash. It’s a trojan downloader that will then “phone home” and download more malware, probably turning your computer into part of a spamming botnet in the process.
The really “special” part of this is that if you’re suspicious of trickery and click “Cancel” to not download it, that takes you to another popup that asks you to download the “new version” of Flash. When you click “OK” on that one, it returns you to the first popup, and the two then repeat in an endless loop, trying to beat the user into downloading it just to get out of the loop. The only way to break that loop without downloading the malware is to use the Task Manager to kill the browser process.
To avoid getting hijacked by something like this, it’s often best to go to the news site and look for the headline. It takes a bit longer but is a lot safer than clicking on phishing URLs. Another idea is to set your preferences so that the mail is delivered in text-only format and delete any that arrive in HTML format.
In the case of Flash, ActiveX and other updates, always go to the home site to download updates or browser plugins. For that matter, ActiveX is best left disabled.
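The two warning signs described above (the alert arrived as HTML, and its links lead to hosts that are not CNN) can be checked mechanically. This Python sketch is an added example, not part of the original post; the trusted-domain list and the sample message are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts CNN would legitimately link to; adjust for your own senders.
TRUSTED_SUFFIXES = ("cnn.com",)

# Constructed sample message; example.net stands in for the non-CNN landing sites.
SAMPLE = """\
From: CNN Alerts <alerts@example.org>
Subject: CNN Alerts: My Custom Alert
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://www.cnn.com/">CNN.com</a>
<a href="http://video.example.net/cnn.com/top10.html">FULL STORY</a>
<a href="http://cnn.com.example.net/story">www.cnn.com/story</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def check_message(raw):
    """Return (has_html_part, [links whose host is not a trusted domain])."""
    msg = email.message_from_string(raw, policy=policy.default)
    has_html, bad = False, []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            has_html = True
            collector = LinkCollector()
            collector.feed(part.get_content())
            bad += [h for h in collector.hrefs if not is_trusted(urlsplit(h).hostname)]
    return has_html, bad

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The host comparison is done on the parsed hostname rather than by searching the URL for “cnn.com”, so a link that only carries the name in its path or as a leading label of another domain is still reported.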