Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

CNN spam

CNN spam

  • Comments 26

I've been seeing some CNN spam the past few days, that is, spam in the form of breaking news stories from CNN.com.  Below is a sample:


These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know).  Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages.  However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet.

This is just another spam message disguised as a legitimate entity.  Technically, this is not phishing, it is spoofing.  It's certainly a clever looking one, to be sure, as it appears legitimate.

Leave a Comment
  • Please add 4 and 2 and type the answer here:
  • Post
  • PingBack from http://blog.a-foton.ru/2008/08/cnn-spam/

  • What is interesting I tried to send the CNN Spam to CNN itself and found that both abuse@cnn.com or simply spam@cnn.com do not exist. So it seems CNN see no evil and hear no evil. I tried a separate idea and send the information to privacy.cnn@turner.com, which also refused the access. Classic or what?

  • Because the page comes as HTTP, viewing the source reveals a ton of URLs referencing "cnn.net".  If you set your SPAM filter to filter out "cnn.net" in the body of the message, you should see your incidences go down.

  • Same thing happened to me as happened to Tom. I couldn't find a place to report it to CNN. I've gotten two in two days, so far, and I didn't sign up on CNN with that particular email so I was suspicious already. Decided to look for news about the spam on the web and found your blog comment. Thanks!

  • I've been getting these over the last couple of days too.

    At least in text version of the email the links seem unchanged.

  • Just got 50 of these today, its even more confusing if you view the text version as it all looks legit, I wondered if there was some sort of redirect exploit at CNN it was trying to use. Made sense when I looked at the HTML version with the dodgy hyperlinks. Thanks for the confirmation.

  • I have just reported these to CNN; but, had to use their online form to do it so I hope they get back to me.

    I have received about 10 copies, so far, and notice they are using multiple giberrish domains within the links.  This tactic will make it harder to defeat and it is going to be a more successful effort than many because most people will trust CNN.

    Combined with last weeks UPS and FEDEX schemes, I have to think a major effort is underway and suggest that everyone better get their shields up!

  • This is not from CNN... it looks like from CNN but in fact, the links refer to martinkahl.com where a "missing" plugin message appears... and if you try to install this, it's possible you got a trojan, virus or something like this....

  • I've gotten 3 of these so far this week. At first I thought it was legit because one of the links was about a real story. Then I scrolled over and saw a weird URL and knew the email was fake.

  • If companies would start using SPF records, you can prevent spoofing like this...it publishes the IP addresses that are "authorized" for sending from that DNS Domain.

    See, CNN has NO published SPF records -

    Link: http://vweb.nass.com.au/cgi-bin/dnslookup?data=cnn.com&server=

  • Some blogs are reporting that if you link to a newsitem you connect to a fairly bad malware

  • Someone subscribed me to "CNN dayly to 10". This this over news spam.

  • I just added a rule in Outlook to delete it automatically.

    It still p*sses me off seeing that there isn't much we can do about it. Hackers oughta be hung by the balls.

  • Thanks for the info. I too received this spam on all my emails. A real pain. I finally decided to program my antispam against all mail having "Daily Top 10" in their object. Hope that solves the case. What i don't understand is the utility of this. Apart from getting people to download a virus program. I confirm trough Gmail that there is a suspicious program linked to that spam.

  • Better add "Custom Alerts" to that spam filter...

Page 1 of 2 (26 items) 12