BOGUS ALERTS pretending to have been sent from US TV news network CNN are spam that lures wibblers to over 1,000 hacked websites that are pushing fake, malware-infested Flash Player software, Internet security watchdogs have warned.
The spam emails contain links to what are claimed to be CNN's Top 10 news stories and video clips. However, clicking on any link launches a dialogue saying that the user has an obsolete version of Flash Player and needs to download an updated version, according to Sam Masiello, VP of MX Logic, a Denver security company.
MX Logic detected more than 160 million fake CNN spam messages transmitted within 48 hours earlier this week.
The dialogue goes into an endless loop if the user clicks the "Cancel" button to disallow the update, forcing victims to either kill their browser session or accept the download, he said.
If the user accepts the download of the fake Flash Player update, they don't get an updated version of that but instead receive a Trojan with any of several names, including Cbeplay.a, which then "phones home" to a malicious server to download and install yet more malware, according to Bulgarian security researcher Dancho Danchev.
On Tuesday, Danchev reported having discovered more than 1,000 hacked websites hosting the fake Flash Player malware.
Adobe is aware of the malware masquerading as a Flash Player update and it has warned users in a company security bog entry not to download updated versions of Adobe software from anywhere other than its own website. µ
Also, my mate said your mate told me to tell you they fancy your mate's mate
'Uninstall trackers' are apparently a dev tool ripe for abuse
Did someone say 'lawsuit'?
Don't expect many surprises at next week's launch