This morning the CNN spam campaign took an ugly twist in terms of content. Spammers are now spoofing the CNN alerts system that users configure to receive customized news alerts. This is particularly harmful to those who actually create alerts for themselves with CNN, as at first glance it looks very authentic. In some of these news alerts, links point back to sites hosted in Russia.
The executable downloaded in the specific example shown below is adobe_flash.exe, from a site that appears to be a video and audio podcast site for CNN. Essentially, the trend we are seeing with all of the recent spoofing attacks, with CNN as well as a host of others using the fake codec scheme, is the distribution of malware binaries. It is possible some of these alerts contain binaries that install the rogue antivirus application AV XP 2008 as well as Trj/Exchanger.Z.