Sophos: Fake MSNBC news alerts used in latest spam campaign
August 2008 by Sophos
IT security and control firm Sophos is reminding computer users to exercise diligence when checking their email in the wake of a new widespread wave of dangerous spam messages that claim to be breaking news alerts from MSNBC.
Samples intercepted at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, have revealed that rather than containing a link to the story on MSNBC, unsuspecting users that click on the URL in the email will be redirected to a malicious webpage which will then attempt to infect computers with a Trojan Horse.
According to Sophos, the emails contain a variety of subject lines including:
msnbc.com - BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger’s death
msnbc.com - BREAKING NEWS: Google launches free music downloads in China
msnbc.com - BREAKING NEWS: McDonald’s found to breach FDA regulations, suspended from trading
The messages are the latest from the spam gang that recently distributed emails claiming to be from CNN’s breaking news alert service.
“Sadly, the latest salvo of spam hitting our inboxes is likely to trick unsuspecting email users with its topical headlines and the seemingly trusted source,” said Graham Cluley, senior technology consultant for Sophos. “But by now everyone should be well aware of this kind of dirty trick and should never click on links in unsolicited emails."
Customers using Sophos’s email and web gateway solutions are automatically protected against the attack. Those using other vendors’ products are advised to check if they are protected or if an update is available.