SPAM CAMPAIGNS READ MSNBC.COM OR CNN IN “FROM” AND “SUBJECT” LINES


Posted: Wednesday, August 13 at 01:55 pm CT by Bob Sullivan

Spammers have upped the ante in their efforts to trick news consumers, switching from e-mails with tabloid-style headlines to impersonating major online news services. On Wednesday, e-mails that appeared to be from msnbc.com landed in inboxes worldwide, promising breaking news and confusing some recipients.

The spam unleashed Wednesday follows a massive campaign last week in which spammers impersonated CNN.com. That campaign saw 250 million spam messages sent in one intense 24-hour period, according to spam-fighting firm MX Logic Inc. Those e-mails appeared to include links to CNN’s top 10 stories, but Internet users who were tricked into clicking on those links were sent instead to Web sites overseas that were booby-trapped with malicious software.

Recipients should immediately delete any unexpected e-mails purportedly from CNN, msnbc.com or any other firm that they haven’t done business with and authorized to contact them.

Users who open the fake CNN or msnbc.com e-mails and click on a link are in for a bad day if they fall for the ruse. Those who do are sent to Web sites that attempt to trick them into downloading what is described as a video player plug-in. Instead, the malicious software will infect the user’s computer, ultimately giving hackers complete control over the machine. Infected computers are then used to send out even more spam.

“This new tactic is likely to be more successful than recent ‘single-line spam’ campaigns because it looks like a legitimate e-mail news update,” said Sam Masiello, director of threat management at MX Logic.

After the initial top 10 headline spam, the campaign morphed into more focused e-mails purporting to come from “CNN Alerts,” which included links to what appeared to be a single news story (with an actual headline lifted from the news site) but was actually a booby-trapped link. In one such e-mail reviewed by msnbc.com, the e-mail was sent from a domain in Australia, and the links took clickers back to Australian Web sites.

MX Logic says it captured 850 million CNN spam messages since Aug. 4, and that the volume has steadily increased, suggesting that recipients have fallen for the ploy and their infected computers have been used to send out even more spam.

So far, MX Logic says, it’s catching about 2 million msnbc.com spam messages per hour, but the rate is steadily increasing. Security firm Sophos said the msnbc.com spam spiked at one point on Wednesday morning and equaled the total amount of all other spam the firm was trapping.

The first msnbc.com spam was sent around 4 a.m. ET, MX Logic said.

Masiello said he believes the same criminal gang is responsible for both the CNN and the msnbc.com spam campaigns.

One of the msnbc.com spam messages, with the subject line “BREAKING NEWS: Americans love law suits for breakfast,” appeared to come from a computer in Spain. The realistic-looking e-mail includes some actual links to msnbc.com in an attempt to confuse the recipient.

Spammers have impersonated major Internet sites — including news sites — for years. In 2006, a widespread spam campaign impersonated the BBC Web site, promising news about Russian president Vladimir Putin.

It’s unclear why there’s a sudden surge of fake news spam, but security firm Message Labs speculates that it’s related to a cat-and-mouse game currently being played out between spammers and security companies. Most spam is sent out from hijacked computers known as “bots” that are connected in large networks called “botnets.”

The largest is called the “Storm” botnet, created by a virus known as the Storm worm. Recently, researchers enjoyed a small victory against the worm, and shrank the size of the botnet by about two-thirds, said Message Labs’ Paul Wood. The aggressive news headline campaign is an attempt to reconstitute the network, he said.

“They are trying to do something to regain their power,” Wood said.

 
