Hackers disguise malicious email attack as news from MSNBC

The hacking gang who have been bombarding internet users' inboxes worldwide with dangerous emails claiming to be breaking news from CNN have changed their disguise.

They've shrugged off their CNN gabardine suit and put on a fur-lined MSNBC jacket instead.

Here is a typical example, claiming that Hollywood icon Elizabeth Taylor has been found murdered:

[Image: Fake MSNBC email linking to malicious code]

Other subject lines used in the widely-spammed email campaign include:

  • msnbc.com - BREAKING NEWS: McCain told lies to win votes
  • msnbc.com - BREAKING NEWS: Anthrax case solved
  • msnbc.com - BREAKING NEWS: Preliminary polls for the election
  • msnbc.com - BREAKING NEWS: Google launches free music downloads in China
  • msnbc.com - BREAKING NEWS: Jerry Yang relinquishes control over Yahoo
  • msnbc.com - BREAKING NEWS: Apple September show highly anticipated
  • msnbc.com - BREAKING NEWS: High calorie food banned in canteens
  • msnbc.com - BREAKING NEWS: Abortion made illegal in New York
  • msnbc.com - BREAKING NEWS: Tiger Woods to take 2-year break from golf
  • msnbc.com - BREAKING NEWS: Europeans dislike Americans attitudes
  • msnbc.com - BREAKING NEWS: McDonald's found to breach FDA regulations, suspended from trading
  • msnbc.com - BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger's death
  • msnbc.com - BREAKING NEWS: Plane crashes into prep school, hundreds of kids killed
  • msnbc.com - BREAKING NEWS: Stocks set to fall on recession
  • msnbc.com - BREAKING NEWS: Obama set to win presidency

Clicking on the link, of course, does not really take you to MSNBC's website, but to a malicious webpage hosting a Mal/EncPk-DA infection.

Customers using Sophos's email and web gateway solutions were automatically and proactively protected against both the spam messages and the malware attack. If you use other vendors' products it might be prudent to see if they have made an update available.

This campaign is going to continue for as long as it works for the bad guys. Who knows what media organization the hackers will choose to disguise themselves as next?

As always, remember to be on your guard against clicking on links in unsolicited emails and downloading unknown executables from the web, and tell your staff, friends and colleagues to do the same.
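
As an added illustration (not code from Sophos or from the original post), here is a mail-filter check for the mismatch described above: the subject names a news site, but the links in the body go somewhere else. The sample message and its `example` link host are constructed, and reading the subject prefix as the claimed domain is an assumption that generalises the check from MSNBC to whatever site name appears in that position.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject prefix shared by the samples in the article; group 1 is the claimed site.
SUBJECT_RE = re.compile(r"^\s*([a-z0-9.-]+\.[a-z]{2,})\s+-\s+BREAKING NEWS:", re.I)

# Constructed sample, not a captured message; the link host is a placeholder.
SAMPLE = (
    "From: news@example.invalid\n"
    "Subject: msnbc.com - BREAKING NEWS: Anthrax case solved\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<a href="http://www.msnbc.com.news.example/video.html">msnbc.com</a>\n'
)

class _Hrefs(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _in_domain(host, domain):
    # Exact match or a true subdomain, so "msnbc.com.news.example" does not pass.
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def off_brand_links(raw_message):
    """Return link hosts outside the site named in the subject ([] if no match)."""
    msg = message_from_string(raw_message)
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        return []
    parser = _Hrefs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {urlsplit(h).hostname or "" for h in parser.hrefs}
    return sorted(h for h in hosts if h and not _in_domain(h, m.group(1)))

if __name__ == "__main__":
    print(off_brand_links(SAMPLE))
```

A non-empty result means the message claims one site in its subject while linking to another, which is a reason to quarantine it for review rather than proof of malware.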

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.