Faux-CNN Spam Blitz Delivers Malicious Flash

Faux-CNN Spam Blitz Delivers Malicious Flash

Are you going to be the next CNN?  Could your website currently be serving of malware?  It's getting pretty nasty out on the open internet these days and not only are your servers at risk, your employees can be letting in malware as well.



One example of this is the CNN Spam Blitz.  More than a thousand hacked Web sites are serving up fake downloads to users duped into clicking on links in mail.  Let us stop here and give you a… TIP from Littlefish IT Support.  ***

NEVER, NEVER, NEVER click on a link in an email.  Even if it comes from your mom. ... The "CNN" bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a fake newer edition, which delivers a Trojan horse — identified by multiple names, including Cbeplay.a — that "phones home" to a malicious server to grab and install additional malware."



You can also get these messages from PayPal, telling you that there are problems with your account.  You may get them from an "employment agency" asking you to click on a link about a job.  Some of these fish for information, some of them install malware, all of them are bad.