CNN Alerts & New Malcode (Antivirus XP 2008)

This morning the CNN spam campaign took an ugly twist in terms of content. Spammers are now spoofing the CNN alerts system that users configure to receive customized news alerts. This is particularly harmful to those who actually create alerts for themselves with CNN as at the first glance it looks very authentic. In some of these news alerts links point back to sites hosted in Russia.

The executable downloaded in this specific example shown below is adobe_flash.exe from a site that appears to be a video and audio podcast site for CNN. Essentially the trend we are seeing here with all of the recent spoofing attacks with CNN as well as a host of others using the fake codec scheme is the distribution of malware binaries. It is possible some of these alerts contain binaries that install the rouge antivirus application AV XP 2008 as well Trj/Exchanger.Z

One Response to CNN Alerts & New Malcode (Antivirus XP 2008)

  1. […] 2008-August-10 The Panda US Security Blog reports that the crooks behind Antivirus XP 2008 are using faked CNN News Alert e-mails to send people to malware…, where people are told to download a new codec to view the alert. This codec turns out to be […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: