No, in fact those CNN e-mail alerts that you are receiving these days are not CNN alerts at all! It is another clever ruse of the criminals to (mis)use the CNN tag to infect your computer.
It has been reported recently by RSA Security that there is a new form of phishing e-mail which purport to give a CNN news flash about an imminent ceasefire in Israel’s Gaza operation. As CNN is one of the most widely watched and respected news channels, the recipient will be drawn to the news flash link. However, if the embedded link is clicked on, the next screen will tell you to download Adobe Flash Player to view the page. This Adobe Flash Player is not the real one; on the contrary, this is a ‘Trojan horse’ phishing program to steal the financial passwords and personal details stored in the computer.
The ingenuity of the fraudsters lie in using the attention grabbing current news flashes on world affairs and it emphasizes the view that these fraudsters are indeed evolving with the time. The alert mails will carry different subject line phrases like “CNN.Com Daily Top 10″, “My CNN Alert” or “CNN Alerts: Breaking News”. These legitimate looking emails use the highly rated CNN as a hook to take advantage of the curiosity of the recipient and make him click on the link, only to be told to download a video codec (a malware) and if done so, ultimately infect the system.
Some time back there was another spam run which infected many systems with the ‘Storm’ worm. In January 2007, scam emails made rounds carrying links purported to contain details of impending violent windstorms in northern Europe. Storm worm was one of the most powerful pieces of malware ever written and many of the infected PCs are yet to be brought back to life.
These fake CNN alerts are apparently more successful than the one line spam messages in the recent past for the simple reason that the words CNN provide legitimacy to the message! RSA Security has however indicated that these fake alerts may not last long as they have managed to successfully shut down the Chinese server which was hosting the fake web page.
So what should be done when such tempting invites are seen in your inbox? Google advises that recipients should not to click on links or attachments in e-mails from unknown sources. As a rule, one should open emails only from known contacts. If you see such a CNN alert, check if you have subscribed to an online news alert recently. If not, there is every reason to suspect that the mail is a hoax. Ideally, you should delete the mail immediately. If you are however eager to know the veracity of the news, you have the option to go to CNN website to search for the news. These days, strict and careful vigilance is the only action that can prevent virus/malware attacks.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.