- Saturday, 28 November 2009
- INQ Mobile
- RSS
This press conference is duller than the dreams of Mike Capellas - Doctor Spinola
Faked CNN spam blitz pushes fake Flash
BOGUS ALERTS pretending to have been sent from US TV news network CNN are spam that lures wibblers to over 1,000 hacked websites that are pushing fake, malware-infested Flash Player software, Internet security watchdogs have warned.
The spam emails contain links to what are claimed to be CNN's Top 10 news stories and video clips. However, clicking on any link launches a dialogue saying that the user has an obsolete version of Flash Player and needs to download an updated version, according to Sam Masiello, VP of MX Logic, a Denver security company.
MX Logic detected more than 160 million fake CNN spam messages transmitted within 48 hours earlier this week.
The dialogue goes into an endless loop if the user clicks the "Cancel" button to disallow the update, forcing victims to either kill their browser session or accept the download, he said.
If the user accepts the download of the fake Flash Player update, they don't get an updated version of that but instead receive a Trojan with any of several names, including Cbeplay.a, which then "phones home" to a malicious server to download and install yet more malware, according to Bulgarian security researcher Dancho Danchev.
On Tuesday, Danchev reported having discovered more than 1,000 hacked websites hosting the fake Flash Player malware.
Adobe is aware of the malware masquerading as a Flash Player update and it has warned users in a company security bog entry not to download updated versions of Adobe software from anywhere other than its own website. ยต
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Not a problem if you use a decent browser or have half.. make that quarter of a brain and notice 20 copies of emails 'from cnn' which you never signed up to in the first place.
Yeah, big security risk this is...
If by now you haven't caught on to email spam and scams then you really should be put in a home without access to computers, and you are certainly not reading any security alerts, ever, because it's all over your head anyway.
Got a message yesterday on facebook that pointed to a location where I was asked to download an "updated version" flash. Thankfully I'm not stupid and therefore didnt download the updater file called "codecsetup". At least name the file right ffs LOL!
That's the first spam I've been caught out by.
Even though gmail marked it as spam I though the same twit who subscribed me to Skype had struck again.
At least I only clicked on the unsubscribe lnk - probably get more spam now.
Not everyone is as bright as you are DORK! FFS indeed. There's always some jack off who claims to know it all.
Practically all the spam emails I've received over the past week have been fake CNN emails, and I think I've only had a couple offering handcrafted luxury timepieces or discounts on male healthcare products.

Why the sudden change in tactic? As I don't even subscribe to CNN's alerts, and being in the UK with a co.uk email address, it's unlikely that I would, these emails looked highly suspect from the off.

Beats the "disturbing and tasteless fake headline as email subject" trend, mind you.