CNN.com Malspam Revolution: msnbc.com Breaking News Message

"msnbc.com Breaking News" is one of the latest malspam messages to spread malware through a fake Flash Player download.

The CNN malspam message that we reported in a previous post has evolved: the spammers now use subject lines from other popular news networks to sneak in a new version of the same type of malspam message. This time they are using the title "msnbc.com Breaking News" as the headline, which is sure to get more computer users' attention.

The mxlab blog was one of the first sources to warn computer users of this new malspam threat. In their post they go on to explain how this new "msnbc.com BREAKING NEWS" message contains a URL that leads to a malicious site that has a CNN video report but asks you to download a Flash player in the form of the file adobe_flash.exe. Does this sound familiar? It should, because we believe it is the same group of spammers, changing the latest series of the CNN Trojan messages or malspam to exhibit a new catchy title.

Do you ever get those "Breaking News" emails when something big in the news has recently happened?

The last legitimate "Breaking News" message I received was the passing of Isaac Hayes from CNN.com. Many of you are probably like me: you want to be notified of breaking news, and if you get an email titled "Breaking News" you are probably going to open that message and click on a link within the body of the email. If you do that with the new "msnbc.com BREAKING NEWS" malspam message, it will redirect you to a malicious site that may ask you to download a fake Flash player, just like in the CNN.com Daily Top 10 malspam message.

Below is an mxlab example of the "msnbc.com - BREAKING NEWS" message and embedded linking:

Google launches free music downloads in China
Plane crashes into prep school, hundreds of kids killed
Please give your opinions for change
US Dollar hits 6-year high, further gains expected

msnbc.com: BREAKING NEWS: Google launches free music downloads in China
Find out more at http://breakingnews.msnbc.com
======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.
=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.
To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to
http://www.msnbc.msn.com/id/50903113 , select unsubscribe, enter the
email address receiving this message, and click the Go button.
Microsoft Corporation - One Microsoft Way - Redmond, WA 98052
MSN PRIVACY STATEMENT
http://privacy.msn.com

msnbc.com - BREAKING NEWS malspam message Update: It was confirmed by MX Logic that the new msnbc.com - BREAKING NEWS malspam messages are using uncanny subject lines. Below are a few examples of the subject lines used.

  • msnbc.com - BREAKING NEWS: Americans love law suits for breakfast
  • msnbc.com - BREAKING NEWS: Bomb scare grounds thousands of flights at UK Heathrow airport
  • msnbc.com - BREAKING NEWS: Copycat murderer beheads woman on Greyhound bus
  • msnbc.com - BREAKING NEWS: I will be suing you
  • msnbc.com - BREAKING NEWS: Mary-Kate Olsen implicated in Heath Ledger's death
  • msnbc.com - BREAKING NEWS: Sandwich recall amid Salmonella outbreak

Note: You should delete any message with the same subject line as those listed above in an effort to avoid getting infected by a Trojan.
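For mail administrators who want to triage these messages rather than rely on users deleting them, the following is an added example (not code from this post or from mxlab). It checks the three traits described above: the "msnbc.com ... BREAKING NEWS" subject, a link whose visible text shows an MSNBC address while the href points elsewhere, and a link to an .exe such as adobe_flash.exe. The `TRUSTED` list, the function names and the `files.example` host are assumptions made for the illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

SUBJECT_RE = re.compile(r"^\s*msnbc\.com\s*[-:]?\s*BREAKING NEWS", re.I)
TRUSTED = ("msnbc.com", "msn.com")  # assumption: domains seen in the sample text

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL text
        return ""
def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return the reasons a raw message resembles this campaign."""
    msg, reasons, links = message_from_string(raw), set(), LinkCollector()
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.add("subject")  # genuine newsletters match too: weak on its own
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in links.links:
        if is_trusted(host_of(text)) and not is_trusted(host_of(href)):
            reasons.add("link-mismatch")  # text shows MSNBC, href goes elsewhere
        if href.split("?")[0].split("#")[0].lower().endswith(".exe"):
            reasons.add("exe-link")  # e.g. the adobe_flash.exe download
    return sorted(reasons)

# Constructed sample; files.example is a placeholder host, not an indicator.
SAMPLE = ("Subject: msnbc.com - BREAKING NEWS: I will be suing you\n"
          "Content-Type: text/html\n\n"
          '<a href="http://files.example/adobe_flash.exe">http://breakingnews.msnbc.com</a>')
```

`triage(SAMPLE)` returns all three reasons; a message that matches only on subject should be treated as a weak signal, since a real newsletter uses the same wording.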

The fake Flash Player is pushed onto computer users through an ActiveX error message as shown in the image below.

Malspam Tip: We should note that these messages will probably not stop any time soon. We expect them to change into different variations, mainly because the recent malspam messages are working well for spammers by infecting a wide range of people around the world. What works for the spammer is usually something that we see more of in the future. If you get a message with the subject line "msnbc.com BREAKING NEWS", please use caution. As Adobe.com has already stated, do not ever download a Flash Player from any site other than Adobe.com.