After distributing outlandish headlines for months, malware distributors have taken the next logical step and are starting to package them together in email newsletters. More specifically, the messages pretend to be “CNN Daily Top 10” headline email newsletters. Here is a sample email:
Each enticing headline in the message links to a malware site, not to CNN, of course. However, the messages serve the actual CNN graphics directly from the CNN site, which adds to their appearance of legitimacy.
Since the newsletter looks real, it’s most likely designed specifically to bypass both content-based anti-spam filters and people’s natural suspicion of unsolicited mail. Accessing the web site hyperlinked from the message will automatically download the malware file “get_flash_update.exe”. On Internet Explorer the download happens automatically.
Special thanks to our lab for sending me this screenshot of the malware site (taken in Firefox…).
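The mismatch described above (graphics pulled from the real CNN site while every headline links somewhere else) can be checked mechanically in a mail filter. The following is an added example, not code from the original post: the function names, the `cnn.com` brand domain argument and the sample HTML bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _HostCollector(HTMLParser):
    """Collect the hostnames used by <img src> and <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.img_hosts, self.link_hosts = set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            url, bucket = attrs.get("src"), self.img_hosts
        elif tag == "a":
            url, bucket = attrs.get("href"), self.link_hosts
        else:
            return
        try:
            host = urlsplit(url or "").hostname  # None for mailto:, relative URLs
        except ValueError:                       # malformed URL in the message
            return
        if host:
            bucket.add(host.lower().rstrip("."))

def _in_domain(host, domain):
    # Exact match or a true subdomain; "cnn.com.evil.example" must not pass.
    return host == domain or host.endswith("." + domain)

def brand_mismatch(html_body, brand_domain):
    """Return link hosts outside brand_domain, but only when the message
    loads images from brand_domain (the pattern this campaign uses)."""
    parser = _HostCollector()
    parser.feed(html_body)
    if not any(_in_domain(h, brand_domain) for h in parser.img_hosts):
        return []
    return sorted(h for h in parser.link_hosts
                  if not _in_domain(h, brand_domain))

# Constructed sample bodies (not taken from the real campaign).
SUSPICIOUS = """<img src="http://www.cnn.com/logo.gif">
<a href="http://video-update.example/watch.html">Headline one</a>
<a href="http://cnn.com.news-clips.example/top10">Headline two</a>"""
LEGIT = """<img src="http://www.cnn.com/logo.gif">
<a href="http://edition.cnn.com/story.html">Headline one</a>"""

if __name__ == "__main__":
    print(brand_mismatch(SUSPICIOUS, "cnn.com"))
    print(brand_mismatch(LEGIT, "cnn.com"))
```

A non-empty result is a signal to score or quarantine rather than proof of malice, since legitimate newsletters sometimes link through third-party tracking hosts.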