'CNN - My Custom Alert'

Published: 2008-08-08
Last Updated: 2008-08-08 17:47:53 UTC
by Mari Nichols (Version: 1)
2 comment(s)

Thanks to our readers for letting us know that they are receiving a good amount of some very authentic looking phishing spam.  Although the email appears to be from CNN again, the origination address is not even obfuscated. ISC Handler, Daniel had written a story about the "CNN - Top Ten" storm worm a few days ago.

isc.sans.org/diary.html

These sort of emails have one big thing going for them.  The ability to get that user to click.  The CNN brand is trusted and recognized by almost all of our users.  Anyone seeing this email may not think twice about clicking on the link unless we tell them not to.  What a great opportunity for user training.  Send out a short Security Awareness Email to your users and explain to them what it really happening.  Ask them to tell their kids too. 

Far too many people are making this a very profitable way for cyber-criminals to make money.   Try to help your end users understand how to spot a fraudulent email address, how to dissect a domain name and find a masked url address.  Just think about all the infections and exploitations you may prevent.

For more information see the Anti-Phishing Working Group website.

http://www.antiphishing.org/
 

Keywords:
2 comment(s)

Comments

This one's also still the botnet (i.e. the same people as the "CNN.com Top 10") -- the same group of IPs abruptly stopped sending Top 10 and started sending Custom Alert at midnight California time. The linked sites are the same hijacked servers, and the landing pages have the identical JS-obfuscated content I deconstructed yesterday.

(As always, the hour's current data is at http://www.vivtek.com/projects/despammed/stormspam.html)
You can read http://malware-test-lab.blogspot.com/2008/08/fake-cnn-alerts-my-custom-alert.html in detail.

Diary Archives