Fake CNN.com ‘Daily Top 10’ E-mails Link to Malware

I’m confident that most visitors of our site are net-savvy enough to know spam when they see it, but the latest round of CNN daily roundups is so real, even I thought it was legit at quick glance. I don’t subscribe to their newsletter, but when I saw it, I just threw it in the trash, figuring I somehow got on their list. All you need to do is look at the destination of the links though, which of course don’t go to CNN.com.

What’s interesting about these spam e-mails is that most of the links are indeed linkable to CNN.com, it’s just the news items that aren’t. Of course, clicking one will give you a prompt of some sort and go ahead and infect your machine with malware and who knows what else.

It might be a wise idea to warn your friends and families though, since CNN is generally a company that’s going to be trusted by the masses, and given the e-mails look so legit, it’s easy to fall into the trap, especially if you or someone else you know actually does subscribe to their newsletter in the first place.

If the user accepts the download of the fake Flash Player update, they don’t get an updated version of that but instead receive a Trojan with any of several names, including Cbeplay.a, which then “phones home” to a malicious server to download and install yet more malware, according to Bulgarian security researcher Dancho Danchev.