Hackers disguise malicious email attack as news from MSNBC

The hacking gang who have been bombarding internet users’ inboxes worldwide with dangerous emails claiming to be breaking news from CNN, have changed their disguise.

They’ve shrugged off their CNN gabardine suit and put on a fur-lined MSNBC jacket instead.

Here is a typical example, claiming that Hollywood icon Elizabeth Taylor has been found murdered:

Fake MSNBC email linking to malicious code

Sign up to our free newsletter.
Security news, advice, and tips.

Other subject lines used in the widely-spammed email campaign include:

  • msnbc.com – BREAKING NEWS: McCain told lies to win votes
  • msnbc.com – BREAKING NEWS: Anthrax case solved
  • msnbc.com – BREAKING NEWS: Preliminary polls for the election
  • msnbc.com – BREAKING NEWS: Google launches free music downloads in China
  • msnbc.com – BREAKING NEWS: Jerry Yang relinquishes control over Yahoo
  • msnbc.com – BREAKING NEWS: Apple September show highly anticipated
  • msnbc.com – BREAKING NEWS: High calorie food banned in canteens
  • msnbc.com – BREAKING NEWS: Abortion made illegal in New York
  • msnbc.com – BREAKING NEWS: Tiger Woods to take 2-year break from golf
  • msnbc.com – BREAKING NEWS: Europeans dislike Americans attitudes
  • msnbc.com – BREAKING NEWS: McDonald’s found to breach FDA regulations, suspended from trading
  • msnbc.com – BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger’s death
  • msnbc.com – BREAKING NEWS: Plane crashes into prep school, hundreds of kids killed
  • msnbc.com – BREAKING NEWS: Stocks set to fall on recession
  • msnbc.com – BREAKING NEWS: Obama set to win presidency
  • Clicking on the link, of course, does not really take you to MSNBC’s website – but to a malicious webpage hosting a Mal/EncPk-DA infection.

    Customers using Sophos’s email and web gateway solutions were automatically proactively protected against both the spam messages and the malware attack. If you use other vendors’ products it might be prudent to see if they have made an update available.

    This campaign is going to continue for as long as it works for the bad guys. Who knows what media organization the hackers will choose to disguise themselves as next?

    As always, remember to be on your guard against clicking on links in unsolicited emails, and downloading unknown executables from the web, and tell your staff, friends and colleagues to do the same.


    Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

    What do you think? Leave a comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.