CNN spam


I’ve been seeing some CNN spam the past few days, that is, spam in the form of breaking news stories from CNN.com.  Below is a sample:

image

These all look like legitimate news stories, and they probably are taken straight from an actual CNN news bulletin (I don’t subscribe so I wouldn’t know).  The unsubscribe information and Terms of Use even link to actual CNN unsubscribe pages.  However, if you mouse over the news links, they all go to a spam web page, where the payload is either a spam advertisement or a second link that, when clicked, downloads a file and pulls your computer into a botnet.

This is just another spam message disguised as coming from a legitimate entity.  Technically, this is not phishing; it is spoofing.  It’s certainly a clever one, as it appears legitimate.
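
The mouse-over check described above can be automated. The following is an added example, not part of the original post: it parses the HTML part of a message and reports every link whose real target host lies outside the brand's domain. The sample message, the `.example` hosts and the names `AnchorCollector`, `is_brand_host` and `off_brand_links` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the *.example hosts are placeholders.
SAMPLE = """\
From: "CNN Alerts" <alerts@sender.example>
Subject: CNN.com Daily Top 10
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://unrelated-host.example/video.html">Top story</a>
<a href="http://other-host.example/x">http://www.cnn.com/story</a>
<a href="http://www.cnn.com/unsubscribe">Unsubscribe</a>
<a href="http://www.cnn.com/terms">Terms of Use</a>
</body></html>
"""

class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_brand_host(host, brand_domains):
    # Exact match or a true subdomain; a substring test would be too loose.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def off_brand_links(raw_message, brand_domains=("cnn.com",)):
    """Return (visible text, real host) for links leaving the brand's domains."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = AnchorCollector()
    parser.feed(body.get_content() if body is not None else "")
    pairs = [(text, urlsplit(href).hostname) for href, text in parser.links]
    return [(t, h) for t, h in pairs if h and not is_brand_host(h, brand_domains)]

if __name__ == "__main__":
    print(off_brand_links(SAMPLE))
```

On the sample, the two news links are reported while the unsubscribe and Terms of Use links pass, which matches the pattern described in the post.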

Comments (26)

  1. Tomasz Dworakowski says:

    What is interesting: I tried to send the CNN spam to CNN itself and found that both abuse@cnn.com and simply spam@cnn.com do not exist. So it seems CNN sees no evil and hears no evil. I tried a separate idea and sent the information to privacy.cnn@turner.com, which also refused the access. Classic or what?

  2. Ed Harris says:

    Because the page comes as HTTP, viewing the source reveals a ton of URLs referencing "cnn.net".  If you set your SPAM filter to filter out "cnn.net" in the body of the message, you should see your incidences go down.

  3. Deb T. says:

    Same thing happened to me as happened to Tom. I couldn’t find a place to report it to CNN. I’ve gotten two in two days, so far, and I didn’t sign up on CNN with that particular email so I was suspicious already. Decided to look for news about the spam on the web and found your blog comment. Thanks!

  4. StevenSDF says:

    I’ve been getting these over the last couple of days too.

    At least in text version of the email the links seem unchanged.

  5. mark says:

    Just got 50 of these today. It’s even more confusing if you view the text version, as it all looks legit. I wondered if there was some sort of redirect exploit at CNN it was trying to use. Made sense when I looked at the HTML version with the dodgy hyperlinks. Thanks for the confirmation.

  6. Davis McCarn says:

    I have just reported these to CNN; but, had to use their online form to do it so I hope they get back to me.

    I have received about 10 copies, so far, and notice they are using multiple gibberish domains within the links.  This tactic will make it harder to defeat and it is going to be a more successful effort than many because most people will trust CNN.

    Combined with last week’s UPS and FEDEX schemes, I have to think a major effort is underway and suggest that everyone better get their shields up!

  7. Stefan says:

    This is not from CNN… it looks like from CNN but in fact, the links refer to martinkahl.com where a "missing" plugin message appears… and if you try to install this, it’s possible you got a trojan, virus or something like this….

  8. Heather S. says:

    I’ve gotten 3 of these so far this week. At first I thought it was legit because one of the links was about a real story. Then I scrolled over and saw a weird URL and knew the email was fake.

  9. John in Tampa says:

    If companies would start using SPF records, you can prevent spoofing like this…it publishes the IP addresses that are "authorized" for sending from that DNS Domain.

    See, CNN has NO published SPF records –

    Link: http://vweb.nass.com.au/cgi-bin/dnslookup?data=cnn.com&server=

  10. Frank says:

    Some blogs are reporting that if you link to a newsitem you connect to a fairly bad malware.

  11. mrkto says:

    Someone subscribed me to "CNN dayly to 10". This this over news spam.

  12. Jay (Canada) says:

    I just added a rule in Outlook to delete it automatically.

    It still p*sses me off seeing that there isn’t much we can do about it. Hackers oughta be hung by the balls.

  13. shadokart says:

    Thanks for the info. I too received this spam on all my emails. A real pain. I finally decided to program my antispam against all mail having "Daily Top 10" in their object. Hope that solves the case. What I don’t understand is the utility of this. Apart from getting people to download a virus program. I confirm through Gmail that there is a suspicious program linked to that spam.

  14. Applefish says:

    Better add "Custom Alerts" to that spam filter…

  15. I clicked on the "unsubscribe" link at the bottom, thinking that I had inadvertently signed up for a daily top 10 from CNN, because I often visit that page to catch up on the news.

    Does anybody know if clicking on this unsubscribe link could cause a virus to activate and if so, is there any known solution out there to get rid of it?

    Sincerely,

    Richard Aberdeen

    http://www.FreedomTracks.com

  16. samscreen says:

    Your blog and all comments were really helpful. We need more good guys like you. Thanks.

  17. YaPS says:

    Received a couple of these as well.

    Links to rosteh-komplekt.ru in my latest one.

    Missing plugin was identified as a variant of the W32/Nuwar Worm via Nod32.

    FYI.

  18. Chris says:

    Richard – The links at the bottom (unsubscribe, etc.) are legitimate; I went to them myself and tested them against navigating to the same pages from CNN.com itself.  It’s just the news story links that are wonky.

  19. Brian says:

    It is absolutely impossible to get rid of the CNN spam; I’ve been trying to unsubscribe several times through their system, where I’m forced to agree to their stupid policy before unsubscribe, but I still get the same spam.

  20. Preston Lewis says:

    When I first began to get these CNN emails, I hovered my mouse over the HTML link and looked to see the actual address which was usually in Russia (not always).  I also looked to see the email address who sent it (not always the truth either) but in these CNN SPAM emails the return address was never CNN but instead was different email addresses every time.

    To be safe, just never use a link in an email.

    For those of you complaining that unsubscribing at CNN doesn’t work . . .  Duh.  Since CNN didn’t send it how can they unsubscribe you?  It’s SPAM.  The links connect you to a hijacked server, not CNN.  It’s people like you that fall for these kinds of trojans.  If you don’t know to NEVER click on a link in an email . . .

  21. Nigel says:

    Getting about 15 a day of these and getting annoyed. Thanks for the tips above. Guess I’ll be setting my preferences this morning

  22. Townsend Harris says:

    If I recall correctly, this spoofing that then delivers a payload of spam or a botnet download is a kind of "Joe Job".

  23. ron sercely says:

    And now, I am not only getting these CNN alerts, but I am getting basically the same spam but as MSNBC news alerts.

  24. Pete Cee says:

    All the email accounts I use a lot have been flooded out with the fake CNN emails. So I set up filters to stop them but now, like ron sercely, I’m getting the MSNBC ones.  It’s a real pain.  Why can’t there be international co-operation to put these crooks out of business and to get tough with the ISPs that allow it to happen?

  25. Debbie P. says:

    I’ve gotten 15+ of these in the last week, also from "MSNBC breaking news". Became suspicious when I saw the weird URLs. Didn’t know what to think, as they do look official. Thankfully did not open any stories.

    Thanks for the blog!