The hacking gang who have been bombarding internet users’ inboxes worldwide with dangerous emails claiming to be breaking news from CNN, have changed their disguise.
They’ve shrugged off their CNN gabardine suit and put on a fur-lined MSNBC jacket instead.
Here is a typical example, claiming that Hollywood icon Elizabeth Taylor has been found murdered:
Other subject lines used in the widely-spammed email campaign include:
msnbc.com – BREAKING NEWS: McCain told lies to win votes msnbc.com – BREAKING NEWS: Anthrax case solved msnbc.com – BREAKING NEWS: Preliminary polls for the election msnbc.com – BREAKING NEWS: Google launches free music downloads in China msnbc.com – BREAKING NEWS: Jerry Yang relinquishes control over Yahoo msnbc.com – BREAKING NEWS: Apple September show highly anticipated msnbc.com – BREAKING NEWS: High calorie food banned in canteens msnbc.com – BREAKING NEWS: Abortion made illegal in New York msnbc.com – BREAKING NEWS: Tiger Woods to take 2-year break from golf msnbc.com – BREAKING NEWS: Europeans dislike Americans attitudes msnbc.com – BREAKING NEWS: McDonald’s found to breach FDA regulations, suspended from trading msnbc.com – BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger’s death msnbc.com – BREAKING NEWS: Plane crashes into prep school, hundreds of kids killed msnbc.com – BREAKING NEWS: Stocks set to fall on recession msnbc.com – BREAKING NEWS: Obama set to win presidency
Clicking on the link, of course, does not really take you to MSNBC’s website – but to a malicious webpage hosting a Mal/EncPk-DA infection.
Customers using Sophos’s email and web gateway solutions were automatically proactively protected against both the spam messages and the malware attack. If you use other vendors’ products it might be prudent to see if they have made an update available.
This campaign is going to continue for as long as it works for the bad guys. Who knows what media organization the hackers will choose to disguise themselves as next?
As always, remember to be on your guard against clicking on links in unsolicited emails, and downloading unknown executables from the web, and tell your staff, friends and colleagues to do the same.