Fake MSNBC news alert used in latest spam campaign
CNN gang changes tactics to bypass more spam filters, warns Sophos
IT security and control firm Sophos is reminding computer users to exercise diligence when checking their e-mail in the wake of a new widespread wave of dangerous spam messages that claim to be breaking news alerts from MSNBC.
Samples intercepted at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, have revealed that rather than containing a link to the story on MSNBC, unsuspecting users that click on the URL in the e-mail will be redirected to a malicious Web page which will then attempt to infect computers with a Trojan horse.
According to Sophos, the e-mails contain a variety of subject lines, including:
msnbc.com - BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger's death
msnbc.com - BREAKING NEWS: Google launches free music downloads in China
msnbc.com - BREAKING NEWS: McDonald's found to breach FDA regulations, suspended from trading
The messages are the latest from the spam gang that recently distributed e-mails claiming to be from CNN's breaking news alert service.
"The latest salvo of spam hitting inboxes is likely to trick unsuspecting e-mail users with its topical headlines and the seemingly trusted source," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "But, by now, everyone should be well aware of this kind of dirty trick and should never click on links in unsolicited e-mails."
Customers using Sophos's e-mail and Web gateway solutions are automatically protected against the attack. Those using other vendors' products are advised to check if they are protected, or if an update is available.
For more information and an image of the MSNBC spam e-mails, please visit http://www.sophos.com/blogs/gc/.