Slashdot: News for Nerds


Faux-CNN Spam Blitz Delivers Malicious Flash

samzenpus posted more than 5 years ago | from the careful-what-you-click dept.

CWmike writes "More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today. The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they need to update to a fake newer edition, which delivers a Trojan horse — identified by multiple names, including Cbeplay.a — that 'phones home' to a malicious server to grab and install additional malware."

213 comments

Ahhh, that explains it (4, Interesting)

Chris Pimlott (16212) | more than 5 years ago | (#24504275)

I was wondering why I was being spammed with such a seemingly innocuous message; I thought perhaps it was just a filter poisoning attempt.

Re:Ahhh, that explains it (1, Funny)

Anonymous Coward | more than 5 years ago | (#24504401)

1995 called, they asked if "for(;;)alert("ha ha");" still f**ks current browsers for the average user?

Re:Ahhh, that explains it (1)

Shivetya (243324) | more than 5 years ago | (#24504483)

I have about a hundred in my spam box; they were all addressed to a contact name on websites I maintain. None were sent to either my personal address or the protected email address listed elsewhere on one site I have.

I did receive them on the corporate level and can only assume the name they spoofed allowed them to broadcast to all Notes users... then again, knowing some of my co-workers

I got one of these (5, Informative)

Anonymous Coward | more than 5 years ago | (#24504277)

It took me quite a while to figure out why this would be effective spam.

Then I had a look at the HTML view. Quite insidious.

It provides what looks like a linkified http://www.cnn.com/xxxxxxx that actually refers to a different URL.
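One way to spot the trick this post describes, as an added example that is not part of the original post: parse the HTML body and flag every anchor whose visible text names one host while its href points at another. Standard library only; the sample message and the hosts in it are constructed placeholders.

```python
"""Flag HTML e-mail links whose visible text shows one host but whose
href points somewhere else (the trick described in the post above).

Added example for this thread, not code from the original post.
Uses only the Python standard library; the sample message below is
constructed for illustration, and the hosts in it are placeholders."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: looks like a CNN "Top 10 stories" notification, but
# the first anchor's href points at an unrelated host (placeholder name).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>CNN.com Daily Top 10</p>
<p>1. <a href="http://compromised-site.example/cnn/index.html">
   http://www.cnn.com/2008/WORLD/story1.html</a></p>
<p>2. <a href="http://www.cnn.com/2008/US/story2.html">
   http://www.cnn.com/2008/US/story2.html</a></p>
<p>Unsubscribe: <a href="http://mailer.example.net/unsub">click here</a></p>
</body></html>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []      # finished (href, text) pairs
        self._href = None      # href of the anchor currently open
        self._text = []        # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none.
    Bare 'www.example.com/path' text (no scheme) is handled as well."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registrable(host):
    """Crude comparison key: the last two labels, so www.cnn.com and
    cnn.com compare equal. A heuristic for a mail filter, not a PSL."""
    return ".".join(host.split(".")[-2:])


def looks_like_url(text):
    """True when the visible anchor text itself reads as a URL or host."""
    return "://" in text or text.lower().startswith("www.")


def find_mismatched_links(html):
    """Return a list of (visible_text, href) for anchors whose displayed
    URL names one host while the real target is a different host."""
    parser = AnchorCollector()
    parser.feed(html)
    mismatches = []
    for href, text in parser.anchors:
        if not looks_like_url(text):
            continue           # "click here" style links are not deceptive
        shown, actual = host_of(text), host_of(href)
        if shown and actual and registrable(shown) != registrable(actual):
            mismatches.append((text, href))
    return mismatches


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"deceptive link: shows {text!r} but goes to {href!r}")
```

The same check can be run over every incoming HTML part at a mail gateway; a single mismatch is a strong spam or phishing signal on its own.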

Re:I got one of these (0)

Anonymous Coward | more than 5 years ago | (#24505669)

The spam filter we use shows both "from" addresses....and it's clear that it's NOT cnn....

*hugs hexamail*

snooze (-1, Flamebait)

toby (759) | more than 5 years ago | (#24504285)

"Trojan found that installs malware on Windows computers."

Wake me up when the rest of us need to worry. Oh, and tag this microsoft windows please.

Re:snooze (5, Insightful)

Atlantis-Rising (857278) | more than 5 years ago | (#24504473)

It's not a Windows problem, per se; the fact that it installs malware on Windows computers is functionally irrelevant.

PEBKAC- Problem Exists Between Keyboard and Chair.

There's absolutely no reason such a functionally identical attack would not work against any operating system you care to name, or even a theoretically perfect operating system were one to be invented.

Programs the user executes run in the user's security context. If you can trick the user, you can do whatever the user can do, or in this case, install malicious software.

Re:snooze (3, Insightful)

2nd Post! (213333) | more than 5 years ago | (#24504573)

It's hard to write a trojan that runs on multiple operating systems. They would need to write multiplatform trojans, and for now only Windows has the dominance to ensure profitability.

Not that it isn't possible; Adobe after all has Flash for both Mac and Windows PCs.

Re:snooze (4, Insightful)

Atlantis-Rising (857278) | more than 5 years ago | (#24504625)

Of course that's true in general (Java, perhaps?) but that's not really the issue, although it is an argument for systems diversity in general as opposed to any kind of monoculture.

The issue is that users are stupid. They will remain stupid regardless of what kind of operating system you plunk them in front of, and for my money I'd much rather Microsoft (or antivirus vendors or whomever else) spend their time working to fix actual holes- security flaws that can be exploited without exploiting the vulnerability of the user's stupidity.

Because, to be honest, the security flaw that is the user's intelligence or lack thereof is not something that Microsoft can, or should, fix.

Re:snooze (1)

2nd Post! (213333) | more than 5 years ago | (#24504783)

I suspect it should be possible to create a sandbox within a system that limits the capabilities of userland apps.

In other words instead of a UAC system you have a sandbox where user installed apps live and cannot get out of and the system can monitor these apps and their behaviors for maliciousness.

Re:snooze (2, Insightful)

Atlantis-Rising (857278) | more than 5 years ago | (#24504835)

Sure you could. Some of us do that right now- I have a VM running with a bare-bones Windows XP installation for IE and Firefox.

But this suffers problems. Namely, that if anything from the sandbox can't get out and harm the main system, you... can't get anything out of the sandbox.

The problem, as I said, is that programs run in the user's security context. It's perfectly possible to limit the capability of userland applications, but this does little good from a user's perspective; the user's data also resides in userland, and is the valuable part of the system. They don't really care if the kernel is still working if all their data is hosed.

Ultimately, as long as the user can access their data, so can a hostile program, so long as the user is willing to run it.

The only way to prevent this, essentially, is to prohibit anything from being deleted or modified- just write a new copy of whatever data you change, and write a transactional flag that states that deleted data has had the 'deleted' attribute applied to it. Basically, an end-to-end journal of all file operations. And that'd be an enormous storage problem. Perhaps it is a solution in a handful of cases- if you can lock all the system files so they can't be written or modified and then ensure the user's data is never deleted or modified, only added to... maybe that's the solution. But it's not one I'd want to run at home, certainly.

Re:snooze (1)

Nerdfest (867930) | more than 5 years ago | (#24504879)

ZoneAlarm has a product called ForceField, that does it within Windows. I haven't tried it, but I think it sandboxes most of the browser, creates a dummy file system, etc. It seems like a good idea that should cover most exploits, at least until it gets popular.

Re:snooze (1)

hairyfeet (841228) | more than 5 years ago | (#24505263)

Here [sandboxie.com] is a nice little freeware sandbox I use for bad ID10T Windows problems. Works well and is easy to use. Enjoy! P.S. It'll work on FF and anything else you want to sandbox, not just browsers.

Re:snooze (0)

Anonymous Coward | more than 5 years ago | (#24504637)

Don't forget they also have a Linux version of Flash. My simple C++ programs required little modification to the system calls for the command line to work between Linux and Windows.

Nope. Package Management Stops This. (1, Insightful)

right handed (1310633) | more than 5 years ago | (#24504901)

Attacks like this don't work outside of Winblows. The problem is that users have been conditioned to needing a never ending series of non free "upgrades" from untrusted sites to do what they want. I can download Gnash all day from Ubuntu and never find a trojan. Not even Apple users have the same problem. Users of other OS have been conditioned to get their software from a place they can trust. Free software users have learned not to trust non free software like Flash itself.

Re:Nope. Package Management Stops This. (3, Insightful)

d34thm0nk3y (653414) | more than 5 years ago | (#24505499)

Not even Apple users have the same problem. Users of other OS have been conditioned to get their software from a place they can trust. Free software users have learned not to trust non free software like Flash itself.

So where do Apple users get their Flash updates from then?

Re:snooze (0)

Anonymous Coward | more than 5 years ago | (#24504739)

absolutely right! mod UP UP UP!

Re:snooze (2, Funny)

humphrm (18130) | more than 5 years ago | (#24504929)

There's absolutely no reason such a functionally identical attack would not work against any operating system you care to name

Mac OS X.

Running on an iPhone.

A non-3G iPhone.

SELinux (1)

Danathar (267989) | more than 5 years ago | (#24504973)

Not if you are using SELinux that is properly configured, in which case the access controls are set at the level of the application's security context.

Not saying that it's perfect, but it would help, and I'm sure that is where most OSes are going to head in the future.

Re:SELinux (2, Insightful)

Atlantis-Rising (857278) | more than 5 years ago | (#24505133)

But who sets the application's security context? The user, of course.

(You might argue the administrator sets the security context of the application, and that would be correct; but in this case, the administrator and the user are one and the same.

I realize there exists a separate paradigm where you have a competent administrator sitting on top of an incompetent user and basically 'screening' what happens- in that case, indeed, the 'user' we are referring to is competent and therefore able to provide the security context as appropriate.)

PEBKAW3C (1)

Mateo_LeFou (859634) | more than 5 years ago | (#24505095)

I might just be on a hobbyhorse here, but it seems like a proper HTML5 standard with a -video- tag and a recommended codec would put a stop to all this "Download the latest executable thingamajig to view the media on this site"

(if you hadn't heard, this was tried, and any DRM-incompatible codec was called a "non-starter" by the "content industry")

Re:PEBKAW3C (1)

Atlantis-Rising (857278) | more than 5 years ago | (#24505171)

I think that would require people to actually know what the hell the HTML5 standard is and what its video tag would be.

Such a system wouldn't put a stop to anything- and nor, quite frankly, would one expect it to; just because there is a standard does not mean that disobedience to the dictates of such standard implies a lack of security.

Re:snooze (4, Interesting)

edalytical (671270) | more than 5 years ago | (#24505211)

It's not a Windows problem nor is it a user problem. BTU (blame the user) is easy to toss around for us geeks, but it really masks the true issue here.

That is, users have been trained to install browser plugins by content providers. These so-called content providers only want to control their content; it's inconsequential to them that they're also exerting control over their viewers. It's also ironic that the mindless stride to control viewers has led that control into the hands of even more dishonest criminals.

In a sense most content provider plugins are trojans themselves. That is, they tell the user they'll provide the ability to view their content, but what they really do is take functionality out of the software and take control away from the user.

This trojan is possible because installing a trojan is an accepted Internet practice. Quick, raise your hand if you have RealPlayer installed. Ideally a browser is all anyone needs to view the web, but at some point during commercialization of the Internet the community took a step in the wrong direction: Flash, RealPlayer. Barf. Don't you see, the problem is clearly not the user's fault.

The problem, in fact, lies with the likes of Adobe, Real and Microsoft for creating stupid crap like Flash, RealPlayer, Silverlight then demanding users install these without thought to view content. If there were nice standards that provided the functionality of these plugins in the browser this would be a non-issue -- the trojan would never have been created.

Re:snooze (1)

Atlantis-Rising (857278) | more than 5 years ago | (#24505255)

I'm not sure how you can blame the content providers. I'm trying to come up with an analogy, but I can't- I think your model is that flawed.

The user has a choice. The user is not forced to install browser plugins. Moreover, not all those plugins are harmful; are you arguing that a monopoly is better for users than diversity? Because that appears to be what you're claiming.

Really, I think you've mixed your own ideological struggles with content providers with the technical issue- and the technical issue is that the security flaw here is not software. It's the user.

Even if you're right about the cause of the flaw, which I strongly disagree with, that doesn't change the flaw.

Re:snooze (1)

edalytical (671270) | more than 5 years ago | (#24505405)

I'm not sure how you can blame the content providers.

It's not hard to understand; let me spell it out for you in user-friendly terms. Content providers often require users to install additional software, thus the user is not suspicious when a website wants them to install additional software. Simple, isn't it?

There is even terminology in psychology for this; it's called positive reinforcement. That is, the user is used to installing additional software without negative consequence, thus they are likely to install more additional software without thought. After all, the last time they installed additional software they were rewarded with cool content.

This has nothing to do with choice. It doesn't have anything to do with some plugins not being harmful. I'm not arguing for a monopoly at all; that is a very distorted interpretation of my post. I am talking about behavior, namely reinforced behavior. I'm not saying it was intentional and/or malicious on the parts of content providers or Adobe or Microsoft and Real. What I am saying is the trojan was possible indirectly because of them.

Re:snooze (1)

Atlantis-Rising (857278) | more than 5 years ago | (#24505467)

Blame implies they are guilty of some misdeed. They are not.

They have no responsibility for the user's lack of competence, and positive reinforcement is no excuse.

That would be appropriate if, in fact, they were reinforcing the fact that the user should do something wrong, but that is not the case.

Re:snooze (1)

Goaway (82658) | more than 5 years ago | (#24505323)

There's absolutely no reason such a functionally identical attack would not work against any operating system you care to name,

Well, the enormous hassle involved in getting software outside of a repository installed on a Linux system would leave it quite hardened against this kind of attack.

getting software outside of a repository installed (1)

pbhj (607776) | more than 5 years ago | (#24505435)

Like clicking on a .deb package, [entering password,] and letting gdebi install it?

Re:snooze (1)

JonSimons (1026038) | more than 5 years ago | (#24505707)

It's not a Windows problem, per se; the fact that it installs malware on Windows computers is functionally irrelevant.

I don't use Windows, thus I couldn't be affected by this particular crap at all. It is a Windows problem. Now, the issue of ignorant users is also a problem; but don't let Windows off the hook.

Re:snooze (1)

Atlantis-Rising (857278) | more than 5 years ago | (#24505753)

If that is the case, then how do you change Windows to defend the user?

If, in fact, the problem is with Windows, then obviously there is something Microsoft can fix to-

Oh, wait, no. They can't. The operating system is not doing anything wrong.

Re:snooze (0)

Anonymous Coward | more than 5 years ago | (#24504947)

Wake me up when the rest of us need to worry.

Yea, because hundreds and thousands (or hundreds-of-thousands) of compromised Windows boxes on the internet couldn't possibly have an untoward effect on anyone else...

dumbass

Finally! (0)

Anonymous Coward | more than 5 years ago | (#24504317)

I thought I was on crack! I thought my mailserver got hacked. I have been receiving 20+ of these messages for the past 3 days...

Updated Exchange's filter rules, with no effect.

Let's get this filtered!

Re:Finally! (0, Redundant)

nurb432 (527695) | more than 5 years ago | (#24504429)

20+? That is small time.

Cbeplay.a (1, Informative)

shvytejimas (1083291) | more than 5 years ago | (#24504321)

It is windows only [sophos.com] .
A relief, kinda..

Luckily GNU/Linus is secure... (0)

Skiron (735617) | more than 5 years ago | (#24504327)

... it takes a lot to get the kosher flashplayer to work, let alone a hooky one.

More secure, yes. (2, Informative)

nurb432 (527695) | more than 5 years ago | (#24504413)

But not invincible..

Re:Luckily GNU/Linus is secure... (0)

Anonymous Coward | more than 5 years ago | (#24504445)

If you are using fedora it's 2 steps:

# rpm -Uvh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm

# yum install flash-plugin

Windows is MUCH harder, because "average users" end up spending all their time re-installing everything when shit like this virus happens.

Re:Luckily GNU/Linus is secure... (0)

Anonymous Coward | more than 5 years ago | (#24505029)

The only problem, of course, is retarded names like "rpm" and "yum" that open source developers think are clever, somehow. People can't remember that shit at all.

So in reality, there are an indeterminate number of steps you're missing, where they spend time figuring out how to do the two meaningful steps.

Re:Luckily GNU/Linus is secure... (1)

againjj (1132651) | more than 5 years ago | (#24504505)

I have very deliberately avoided installing Flash on my machines. This story provides yet another reason why such a policy is good. It keeps out some annoying ads, too.

Re:Luckily GNU/Linus is secure... (1)

Gavagai80 (1275204) | more than 5 years ago | (#24504643)

Copying one file is a lot?

Faux-CNN Spam Blitz Delivers Malicious Flash? (1)

morari (1080535) | more than 5 years ago | (#24504329)

More like "Faux-CNN Spam Wolf Blitzer Delivers Malicious Flash"!

WINDOWS ONLY. (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24504337)

Of course, if you are smart enough not to run Microsoft Windows, this doesn't affect you...

Here's a nickel, kid. Go get yourself a *real* operating system...

Re:WINDOWS ONLY. (2, Insightful)

corsec67 (627446) | more than 5 years ago | (#24504349)

Instead of a nickel, how about giving that kid a CDR of a better OS?

Re:WINDOWS ONLY. (3, Interesting)

oldspewey (1303305) | more than 5 years ago | (#24504501)

Here's a nickel, kid. Go get yourself a *real* operating system...

I enjoy playing around with Linux. I have a couple spare partitions on my desktop machine where I'll install an interesting new distro when I have some time (right now I have Kubuntu and WinXP set up as dual-boot), and maybe learn a little something about package management or do some cool things in bash ... whatever, doesn't matter to me ... it's the exploring that's the important thing.

You know what? Every time I read a post like the above, it turns me off Linux just a tiny bit.

Re:WINDOWS ONLY. (2, Insightful)

Anonymous Coward | more than 5 years ago | (#24504801)

If someone saying something like that turns you off of Linux, you can expect to hear a lot more of that from people who don't want you to use Linux.

What in the world some jackass' trite comment has to do with your being "turned on" to Linux is beyond me. Either Linux is potentially valuable to you or it isn't. And the GP didn't even mention Linux.

Stop giving other people so much power over your behavior. You are responsible for your behavior, even if you let other people do your thinking for you.

"I wanted to use Linux but some jackass made a trite comment not even directed at me, so it's his fault I don't like Linux." What would you think about someone who made a statement like that?

Re:WINDOWS ONLY. (3, Insightful)

dedazo (737510) | more than 5 years ago | (#24504519)

Of course, if you are smart enough not to run Microsoft Windows, this doesn't affect you...

Of course you can also run Windows and avoid doing unsafe, stupid things. That usually works.

Here's a nickel, kid.

Since I'm on a 3270 terminal to an OS/390 box the size of your house right now, here's your nickel back, and a check for $50.

Re:WINDOWS ONLY. (-1, Troll)

computersareevil (244846) | more than 5 years ago | (#24504553)

Of course you can also run Windows and avoid doing unsafe, stupid things.

Um, running Windows is unsafe and stupid.

Re:WINDOWS ONLY. (4, Insightful)

dedazo (737510) | more than 5 years ago | (#24504635)

Is it really? I've owned many Windows computers over the past 20 years and I've never had any problems with security. Well, there was that one floppy in the early 90s I accidentally booted off of...

There's 8 Windows boxes here on my den right now. Three servers, two laptops and three workstations. None of them are pwned, rooted, infected, trojaned or otherwise compromised. And they've never been. None of my Server 2003 colo boxes have ever been compromised either. I'm curious, what do you find difficult about securing Windows?

Re:WINDOWS ONLY. (0, Offtopic)

computersareevil (244846) | more than 5 years ago | (#24504799)

How many Windows viruses, trojans, and other malware programs are there successfully spreading in the wild? Thousands? TENS of thousands?

OK, now how many Linux, BSD, or OS X viruses, trojans, other malware programs are successfully spreading in the wild? ZERO, ZILCH, NADA, ZIP.

So you tell me: How difficult is it to secure Windows? Must be damn near impossible.

You even admit that despite your self-proclaimed superior ability to secure Windows, you were still a victim of a trojan.

Re:WINDOWS ONLY. (1)

Lulfas (1140109) | more than 5 years ago | (#24504841)

How many Windows users are there successfully spreading in the wild? Millions? TENS of millions? OK, now how many LINUX, BSD, or OS X users are successfully spreading in the wild? 500k? 2-3million at the most? Just admit it. Most people use windows. Therefore, it will have the most problems. Not enough people to matter use other systems. They don't matter.

Re:WINDOWS ONLY. (1)

ksd1337 (1029386) | more than 5 years ago | (#24504893)

OK, now how many Linux, BSD, or OS X viruses, trojans, other malware programs are successfully spreading in the wild? ZERO, ZILCH, NADA, ZIP.

That's because no one bothers to write malware for these systems. The majority of computer users use Windows, so that's the target audience.

It's very easy to secure Windows. Just be careful what you do with your computer, especially if it has an Internet connection. If you want to download some $exCashMoneyV!@gRa_UltimateSearchBar toolbar, that's your fault.

I'm no fan of Microsoft, but I don't bash them for things they didn't do.

Re:WINDOWS ONLY. (5, Insightful)

dedazo (737510) | more than 5 years ago | (#24504931)

How many Windows viruses, trojans, and other malware programs are there successfully spreading in the wild?

MyDoom, which holds the record [cnn.com] for fastest-spreading worm ever, did so through email and required significant user action.

OK, now how many Linux, BSD, or OS X viruses, trojans, other malware programs are successfully spreading in the wild? ZERO, ZILCH, NADA, ZIP.

Statistically, there are about as many of those as there are normal desktop computer users for the platform, since most of these attacks rely on social engineering (as opposed to actual vulnerabilities) to succeed. So the lack of malware for your platform is not due to its inherent superiority, but to the size of its installed base. Windows may have more attack vectors than Linux or OS X, but that doesn't mean that they can be avoided with $0.05 worth of simple common sense.

So you tell me: How difficult is it to secure Windows? Must be damn near impossible.

No, that's why I asked you the question. It's not at all. If it were, those 100K machine botnets would have 100 million zombies instead, and that's not the case, is it? Or do you figure the malware vendors are just not interested in a potential pool of that size? By most measures there's about a billion computers on the planet running some version of Windows.

You even admit that despite your self-proclaimed superior ability to secure Windows, you were still a victim of a trojan.

Oh, sure. But there's no need to be quippy about it. That happened almost 20 years ago, and it was the first and last time any of my systems were compromised. I guess I'm a good learner.

And by the way, "superior ability" is not needed at all. Just patch your boxes and don't download or run stuff from untrusted sources. That should take care of about 99.99% of all your problems. And that's true of any OS.

Re:WINDOWS ONLY. (1)

D Ninja (825055) | more than 5 years ago | (#24505321)

Three servers, two laptops and three workstations. None of them are pwned, rooted, infected, trojaned or otherwise compromised. And they've never been.

Prove it.

(Not that I don't believe you...but that's a pretty heavy statement to make.)

Re:WINDOWS ONLY. LINUX IS NOT ANY MORE SECURE (0)

Anonymous Coward | more than 5 years ago | (#24504689)

In its DEFAULT setup, especially regarding security? Maybe... but, NOT if you do this:

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, + make it "fun to do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=69e3a8383c24ab823ef36b246b66ce88&showtopic=2662 [tcmagazine.com]

Then again, IF you look there? Linux doesn't do ANY BETTER "outta-the-box/oem-stock" (yes, even SeLinux bearing distros) either, as both OS' stock only score into the mid-40's of 100 possible ranges, initially (until you 'security-harden' them).

Both reach 90's++ ranges, IF you take the time to do the work required, per CIS Tool guidance and the other points that guide notes to look out for, & shore up.

Re:WINDOWS ONLY. (0)

Anonymous Coward | more than 5 years ago | (#24505119)

I love free software, but I am sick and tired of you retarded linux zealots.

Re:WINDOWS ONLY. (0)

Anonymous Coward | more than 5 years ago | (#24505245)

Where does the OP say they run Linux?

Your own bias is showing through.

Re:WINDOWS ONLY. (1)

networkzombie (921324) | more than 5 years ago | (#24505607)

> Since I'm on a 3270 terminal to an OS/390 box the size of your house right now

I doubt that. My house is pretty small. Do you have a Kaypro?

WINDOWS SHILL (0)

Anonymous Coward | more than 5 years ago | (#24505611)

Now I understand. dedazo appears to be a well-known Micro$oft shill.

Re:WINDOWS ONLY. Dilbert source (1, Informative)

Anonymous Coward | more than 5 years ago | (#24505327)

And here's the original Dilbert comic for that line

http://ozguru.mu.nu/Photos/2005-11-11--Dilbert_Unix.jpg [ozguru.mu.nu]

I'm on a Mac! (-1, Troll)

objekt (232270) | more than 5 years ago | (#24504357)

You insensitive...er, umm...yeah, I'm alright.

And a big "Ha-ha!" to windoze users.

My flash player was working earlier... (1)

iztehsux (1339985) | more than 5 years ago | (#24504375)

Botnets for sale!

IE7 Scam (5, Funny)

nurb432 (527695) | more than 5 years ago | (#24504399)

There is another similar one pushing 'IE 7 is now available for download' from 'Microsoft'.

ya.. right...

Re:IE7 Scam (1)

22_9_3_11_25 (645799) | more than 5 years ago | (#24505105)

I don't know why you were modded funny because I actually received this in my inbox at work this morning. I of course deleted it but was considering sending out a warning.

Sure it's a trojan... (0)

Anonymous Coward | more than 5 years ago | (#24504423)

But is Cbeplay easy to develop for?

Facebook, too? (2, Informative)

MaliciousSmurf (960366) | more than 5 years ago | (#24504443)

Here's an excerpt from a message posted by a friend on EVERYONE's wall: (X's are mine, just to add some security) "HEY GUYS GET YOUR GAMING ON! ENTER AND WIN A PS3 Or Free PLASMA ITS EASY AND FREE SIGN UP AT THE URL BELOW http://xxxxx.imageshack.us/XXXXX/gameonit4.swf [imageshack.us] "

Lawsuit? (5, Insightful)

cdrguru (88047) | more than 5 years ago | (#24504451)

Too bad nobody is ever going to find the folks responsible for this. Pretty much any email that even has the letters "cnn" in it will go in the trash now. Do you think any email of a forwarded story from the CNN site would possibly get through today? Next week? It wouldn't surprise me if CNN.com ad rates took a nosedive because of this as well. Who wants to go to "the spammer" web site?

This is the sort of extremely bad PR that CNN would be well within their rights to sue the pants off of whoever started this nonsense. Unfortunately, it probably originated somewhere that doesn't care about US companies, US laws or what people think about spam. Also, how exactly would you prove where it came from?

Hope someone is getting paid real good for this. I don't think this can put CNN out of business, but it is certainly going to hurt real bad.

Lawsuit? No. DEATH PENALTY. (0)

Anonymous Coward | more than 5 years ago | (#24504491)

This attack shows a complete disregard for fellow humans by the 100s of millions. The only fair punishment is the death penalty. There may even be some deterrent effect from that, but even without it should still be DEATH!

Re:Lawsuit? (5, Insightful)

dedazo (737510) | more than 5 years ago | (#24504569)

Considering how difficult and expensive it is to track down, indict and convict spammers and malware peddlers (not to mention they later tend to escape and commit suicide), I doubt CNN has the time or energy to do this.

You're never going to fix people's stupidity, which is ultimately the root of the problem.

Re:Lawsuit? (0)

Anonymous Coward | more than 5 years ago | (#24504831)

Pretty much any email that even has the letters "cnn" in it will go in the trash now. Do you think any email of a forwarded story from the CNN site would possibly get through today?

Yeah, and as it is NO banking site as far as I am concerned can use email to its own users. I assume that ANY email from someone claiming to be a bank that I utilize over the web is a phish and goes right into the spambucket. In fact, if things get much worse then I won't be using the internet for banking anymore at all, though that would be a lot less convenient. Trust is not something that seems on the horizon, and the quickest way to completely scuttle it would be for the Fed, Microsoft or AT&T & the like to step up and claim to offer it via one of their usual hackneyed schemes...

Re:Lawsuit? (3, Interesting)

trawg (308495) | more than 5 years ago | (#24504897)

It's certainly a good advertisement for digitally signed email.

I realise digital signatures are still beyond the reach of most people that use email, but for those of us that actually know what they are and how to use them, it's a pretty decent solution to this problem - at least for people that want to receive email from CNN.

1) Sign up to CNN for emails
2) Enter your public key in your CNN alerts profile
3) Configure your mail client in such a way as to only accept email purporting to be from CNN that is digitally signed
4) Any email from CNN that is digitally signed, verify the signature - if it matches, accept it, if it doesn't, throw it in the spam pile.

Re:Lawsuit? (1)

ignavus (213578) | more than 5 years ago | (#24505147)

I never watch or listen to CNN - it is not available on any channel on my TV and I am not interested in it.

I would put any email from CNN straight into the bin. So spammers trying to impersonate CNN are going to get exactly the same treatment.

So spammers - keep impersonating the firms I don't care about (and that's almost all of them).

Re:Lawsuit? (1)

drew30319 (828970) | more than 5 years ago | (#24505205)

I've no idea how many sites were used but the one used in the site that spammed me is already down. The site is/was (www . weddingsinsardinia . com) if you're curious. (well, that's the site even if you're not curious - but you know what I mean)

I only received one of these and am surprised, I have a dozen or so domains, so I guess the spam filters caught on pretty quickly.

Google Mail (1)

jefu (53450) | more than 5 years ago | (#24504469)

I've received nine of these (in just a few hours) on my usual (university) email address. But google mail keeps telling me about them, instead of marking them as spam or phishing and just moving them out of the way. Worse yet it leaves them on my (university) mail server which has an absurdly low quota - so I'll have to remove them manually. This means I need to deal with this crap twice - once when google mail tells me it won't give it to me and once when I need to login to the server and manually delete them. It would be so much nicer if google mail would flag these as spam or phishing, take them off the server and just make them invisible.

Of course (and yes, I'm contradicting myself) I'd also like (since I'm interested in viruses and the like) to be able to set a flag where I could say, "Let me download this. Yes, I do know what I'm doing" and give it to me in some nice packed format.

Re:Google Mail (1)

porkUpine (623110) | more than 5 years ago | (#24504883)

There is an easy fix for this in Gmail. You'll need to create a new filter like the following:

Matches: is:spam
Do this: Skip Inbox, Delete it

Re:Google Mail (1)

jefu (53450) | more than 5 years ago | (#24504915)

Nope. Can't. Google says there is a virus and so it was left on the server. Is there a way to change that?

Re:Google Mail (0)

Anonymous Coward | more than 5 years ago | (#24505085)

Worse yet it leaves them on my (university) mail server

After reading your post like 5 times I finally realized that you're missing the point:
Gmail is not going to accept that email because it knows there's a virus in it. And you're complaining about that?

If you *really* want those emails, I suggest setting up your university address to just forward everything to gmail. Then you can create a filter or just delete them once.

Re:Google Mail (1)

jefu (53450) | more than 5 years ago | (#24505203)

I'd prefer that gmail accept the mail from the server and mark it as spam/phishing/whatever. I'd also like to be able to set a preference that allows me to decide that "yes, I would like to download that" and have gmail give it to me in a packed up format that I'd have to unpack somehow - just to make it hard for someone to inadvertently run the thing.

Re:Google Mail (0, Offtopic)

Kent Recal (714863) | more than 5 years ago | (#24505513)

Oh and while we're google bashing here: I would like if google groups would echo my own damn posts back to me like every other mailing list software does!

Lessons Learned (3, Insightful)

Nymz (905908) | more than 5 years ago | (#24504517)

Companies doing business on the web have curtailed the functionality of email correspondence, and often tell consumers the only safe method is to visit their site and log in. Acquiring software isn't much different, get it from the source. Personally, I find the incessant requirement of plug-ins to be breaking the web when no alternative (text) is offered. /Get off my lawn!

Re:Lessons Learned (1)

r7 (409657) | more than 5 years ago | (#24505189)

Make that "Companies doing business on the web without basic spam filters in place". Our mailservers all run Spamassassin which easily recognized and tagged these as spam: score=8.449 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HELO_DYNAMIC_DHCP=1.398, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.2, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_MONEYTERMS=0.681]. Companies that can't even manage to implement basic spam filters are at a competitive disadvantage. Those that curtail their email correspondence are, well, a good opportunity for short sellers.

Perhaps more revealing is how many Slashdot posters are missing the real point of this story. It's not phishing, which is old news, but the security flaws of a proprietary and closed source application. There's no way Adobe can secure Flash without taking it to open source and getting the resulting peer review. That's information security 101. Heck, Adobe hasn't even figured out how to release a version of Flash for 64bit Linux, which is a heck of a lot easier than security code audits. Appears that, despite claims to the contrary, Linux users care more about free as in wallets than free as in source.

Re:Lessons Learned (3, Insightful)

DavidTC (10147) | more than 5 years ago | (#24505517)

Dude, spamassassin didn't recognize that message as spam.

DNS_FROM_OPENWHOIS, HELO_DYNAMIC_DHCP, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_PBL, RCVD_IN_XBL, and RDNS_NONE are origin checks, not message checks. (Well, the helo isn't technically, but forging it would be worse than correctly stating the dynamic IP.)

According to the message checks, that message scored BAYES_50=0.001 and HTML_MESSAGE=0.001 using standard spamassassin checks, and SARE_MONEYTERMS=0.681 from the very nice SARE checks that smart mail admins install. That is almost certainly not enough to mark it as spam. And the 'money terms' probably triggered by sheer chance, considering this thing is scraping CNN.com for headlines. Other messages sent by this thing probably wouldn't trip over that.

The reason it was blocked was that it came from an IP that was currently blacklisted for spamming and was clearly a dynamic IP, not that spamassassin recognized the message. Any mail from that IP would have been blocked. Spamassassin actually fell down pretty badly on the content analysis.
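
The origin-versus-content split DavidTC makes above, as an added example in Go (not code from either post or from SpamAssassin itself). It parses the score line r7 quoted and adds up which part of the 8.449 came from rules about the sending host (DNSBL hits, dynamic HELO, missing reverse DNS, the sender-domain WHOIS check) and which part came from rules about the message body. The prefix-based classification follows the grouping in the post, and the 5.0 threshold is SpamAssassin's default required_score; rule names beyond those on the page are not assumed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// requiredScore is SpamAssassin's default required_score.
const requiredScore = 5.0

// sampleStatus is the score line quoted in the thread, used as sample input.
const sampleStatus = "score=8.449 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, " +
	"HELO_DYNAMIC_DHCP=1.398, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.2, " +
	"RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1, SARE_MONEYTERMS=0.681]"

// RuleHit is one name=score entry from the tests=[...] list.
type RuleHit struct {
	Name  string
	Score float64
}

// Breakdown separates where the mail came from (Origin) from what it said (Content).
type Breakdown struct {
	Total        float64
	Origin       float64
	Content      float64
	OriginRules  []string
	ContentRules []string
}

var testsRe = regexp.MustCompile(`tests=\[([^\]]*)\]`)

// ParseHits extracts the rule hits from a SpamAssassin status line.
func ParseHits(status string) ([]RuleHit, error) {
	m := testsRe.FindStringSubmatch(status)
	if m == nil {
		return nil, fmt.Errorf("no tests=[...] list in %q", status)
	}
	var hits []RuleHit
	for _, field := range strings.Split(m[1], ",") {
		field = strings.TrimSpace(field)
		if field == "" {
			continue
		}
		parts := strings.SplitN(field, "=", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("malformed hit %q", field)
		}
		score, err := strconv.ParseFloat(parts[1], 64)
		if err != nil {
			return nil, fmt.Errorf("bad score in %q: %w", field, err)
		}
		hits = append(hits, RuleHit{Name: parts[0], Score: score})
	}
	return hits, nil
}

// originPrefixes mark rules that judge the sending host or SMTP envelope
// rather than the message body, following the grouping in the post above.
var originPrefixes = []string{"RCVD_IN_", "HELO_", "RDNS_", "DNS_FROM_"}

// IsOriginRule reports whether a rule name is an origin check.
func IsOriginRule(name string) bool {
	for _, p := range originPrefixes {
		if strings.HasPrefix(name, p) {
			return true
		}
	}
	return false
}

// Analyze parses a status line and splits its score into origin and content parts.
func Analyze(status string) (Breakdown, error) {
	hits, err := ParseHits(status)
	if err != nil {
		return Breakdown{}, err
	}
	var b Breakdown
	for _, h := range hits {
		b.Total += h.Score
		if IsOriginRule(h.Name) {
			b.Origin += h.Score
			b.OriginRules = append(b.OriginRules, h.Name)
		} else {
			b.Content += h.Score
			b.ContentRules = append(b.ContentRules, h.Name)
		}
	}
	return b, nil
}

// ContentAloneFlags reports whether the message checks by themselves reach the
// threshold, i.e. whether the verdict would survive a clean sending IP.
func (b Breakdown) ContentAloneFlags() bool {
	return b.Content >= requiredScore
}

func main() {
	b, err := Analyze(sampleStatus)
	if err != nil {
		panic(err)
	}
	fmt.Printf("total %.3f  origin %.3f %v  content %.3f %v\n",
		b.Total, b.Origin, b.OriginRules, b.Content, b.ContentRules)
	fmt.Printf("content alone reaches %.1f: %v\n", requiredScore, b.ContentAloneFlags())
}
```

Running it on the quoted line gives roughly 7.77 from origin rules against 0.68 from content rules, which is the post's point in numbers: take away the blacklisted dynamic IP and the same message would have been delivered.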

It's Fox News (1, Offtopic)

actionbastard (1206160) | more than 5 years ago | (#24504571)

Damn their oily hides!

What, no CNN link? (3, Funny)

Chris Pimlott (16212) | more than 5 years ago | (#24504593)

I can see the headline now: "We're not spamming you (really)"

Re:What, no CNN link? (1)

Vukovar (1203574) | more than 5 years ago | (#24504853)

How about "Fair & Balanced malware"....

Re:What, no CNN link? (1, Funny)

Anonymous Coward | more than 5 years ago | (#24505107)

Well, between the trojan and the flash and javascript nightmare which crashes some browsers that is cnn.com, I suspect most people are choosing the virus. There's no point in putting it up on the website.

Must be a slow day at slashdot... (2, Insightful)

TheMCP (121589) | more than 5 years ago | (#24504603)

A trojan-horse application is being delivered by email, masquerading as content from a major corporation.

This is news? We're supposed to be surprised?

The future of Malware? (4, Interesting)

jeiler (1106393) | more than 5 years ago | (#24504617)

Cross-posted from my journal.

And now we have the latest malware wave [slashdot.org], where 1000+ legitimate sites have been hacked to serve a fake Flash player. This is going to seriously hurt CNN's reputation (and ad revenue), as a lot of folks are going to set their mail servers to delete stuff that even mentions CNN. Worse yet, it's going to put a serious hurting on the 1000+ hacked sites: CNN has enough goodwill and trust built up that it will survive the onslaught, but the "other victims" may end up blacklisted by a lot of folks.

Most malware authors have learned not to crap in their own bed: the days of a virus that wiped your files are fading; now we have malware that more-or-less uses your files alone, but uses your connection to send spam or do DoS attacks. If they make the attack less blatant, it's less likely to be discovered and cleaned up.

While the malware authors may be trying to stay quiet on the PC, they sure don't mind hurting companies ... and that hurts the internet as a whole. As much as some in the geek community may dislike it, the Internet is paid for by commerce--internet sales, services, and subscriptions indirectly pay for the infrastructure we all use. If these small companies are hurt by spammers and malware authors, then the small companies may be less willing to maintain an internet presence--which means there will be fewer people who pay the ISPs to maintain and improve the infrastructure.

There are a lot of contingent statements in the above paragraph, and maybe I'm getting more worried than I should be, but I have to wonder: how long will it be until spammers, scammers, and other low-grade shits ruin the Internet for everyone?

Re:The future of Malware? (1)

robogun (466062) | more than 5 years ago | (#24504793)

I think Flash takes the hit, and maybe video news delivery as well. But to be honest, what's the great loss? I like CNN and have it bookmarked, but nothing is more irritating than a story that is video only. Unless the story is visually compelling, there is no need to waste so much bandwidth.

Re:The future of Malware? (1)

Red Flayer (890720) | more than 5 years ago | (#24504843)

There are a lot of contingent statements in the above paragraph, and maybe I'm getting more worried than I should be, but I have to wonder: how long will it be until spammers, scammers, and other low-grade shits ruin the Internet for everyone?

I'd be more concerned about the internet being ruined by net partisaniality (for lack of a better term -- what exactly is the opposite of net neutrality?). The internet ceasing to be a content-agnostic delivery system for bits would be the real tragedy.

As far as spammers, phishers, scammers, etc -- the world has always been full of them, and the internet has just made them more efficient. We will always have people who are not "netsmart" just as we have people who are not "streetsmart". The public at large has always borne some of the cost of these people getting suckered, be it through having to pay for security (police, etc), or lost or misdirected productivity.

Re:The future of Malware? (2, Interesting)

jeiler (1106393) | more than 5 years ago | (#24505403)

The internet ceasing to be a content-agnostic delivery system for bits would be the real tragedy.

This is starting to wander off-topic, but the Internet has never been "content agnostic"--and the WWW is even less so. At least since the advent of the "commercial Internet," and even to some extent on the pre-commercial "academic internet," content (and locations) is vetted by the administrators of the various service providers. Back in the days of the academic Internet--your sysop doesn't like netnews? He can tell the college administrators "It's full of porn," block port 119, and there's not a damn thing most users could do about it. Worse yet--your sysop has a beef against Indiana State University? He can block the whole domain, and you have to go outside your school's network to get there.

Now in the days of the "Commercial Internet," it's even worse. Most providers treat it as a business instead of content-agnostic media--well, that's completely understandable, given that it is a business. And by treating the Internet as a business, blocking (or even simply refusing to support) things like Usenet actually saves them money, making them more profitable.

Now come the spammers, and how do the local ISPs react? Do they block the offending websites? If so, do they take the time to weed through and block the specific pages, or do they just do a quick-and-dirty block of the name or IP range? The second takes less time and effort--which means less expense.

I dunno. Maybe registrar is right, and I'm just doom-and-glooming. But I'm sick and tired of the "content-agnostic delivery system" being hijacked by the very people who I pay money each month to be able to use the damn thing.

Re:The future of Malware? (1)

registrar (1220876) | more than 5 years ago | (#24504881)

Your doom-and-gloom is misguided. The internet won't get wrecked by scams like this. The only thing that distinguishes the internet from the rest of life is the connectivity. Individual behaviours that are recognisable as sociopathic outside the internet (scamming, bullying, stalking, spamming) are not somehow going to win on the internet.

Yes, the connectivity allows sociopaths to make life suck for more people simultaneously than was previously possible, or make it suck more for one person than was previously possible. But the goodies have the same connectivity improvement as the baddies. The non-sociopaths just want to get online and do their thing (read, communicate, buy, sell, make spam filters, prosecute child molesters) without trampling on people. The goodies have always outweighed the baddies on the internet, and there is no reason to believe the balance is changing.

The real threat to the internet is from organisations who use PR machines to avoid transferring common decency from the rest of life. For example, companies who compete unfairly (Microsoft), get laws passed to define "internet only" crimes in their favour, sue people they would otherwise leave alone (RIAA), inadequately protect private data publicly accessible, and of course, nations who spy on everyone. These organisations leave everyone with a feeling of distrust that they cannot overcome.

My Spam Filters Worked This Time (0)

Anonymous Coward | more than 5 years ago | (#24504769)

My ISP-provided spam filter caught this one and tossed it into the e-carp can and so did Gmail's spam filter. In the ISP-provided spam e-box, I've been noticing quite a bit of faux news email headers, including thousands dead in a stampede at a soccer game?? Dumbass spammers.

Sourceforge harvested, gmail bounced it (3, Funny)

coljac (154587) | more than 5 years ago | (#24504805)

This spam helped me find a bug in my procmail recipe - this was sent to my Sourceforge email address (never had spam there before), and was forwarded on to Google which bounced it as an illegal attachment. Kudos to Google for being on the ball.

The 1,200 recursive bounce messages that ensued were no-one's fault but my own. :)

I started seeing this at work 2 days ago... (1)

Bubba (11258) | more than 5 years ago | (#24504933)

Solution to unintelligent users was to block all downloads of "get_flash_update.exe" on our proxy server.

Removal process was fairly trivial; All processes/files were > 10 chars randomized like a362b462da6.exe/scr. Processes were easily killable and removable without having to do anything fancy like boot off a Linux CD.

The only thing we found that it installed was XP AntiVirus 2008 under C:\program files\[random > 10 digit name]. Again, fairly easy to remove.

Another day, another spam mail getting through our crappy anti-spam service.

Re:I started seeing this at work 2 days ago... (1)

Bubba (11258) | more than 5 years ago | (#24505001)

For those that care for more information,

Also found Infostealer CbEvtSvc.exe in System32 directory, so you have to kill this and delete as well.

You also need to remove a registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\[random name from above] (for machines infected with XP Antivirus 2008).

Also, you need to ask the user who actually clicked on the message to get the machine infected to run these commands then have them reboot (basically resets display preference tabs, disables active desktop (what was Microsoft thinking; but what a great way to load BHO's at login)):

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDispBackgroundPage /t REG_DWORD /d 0
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDispScrSavPage /t REG_DWORD /d 0
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDispSettingsPage /t REG_DWORD /d 0
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_DWORD /d 0
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoActiveDesktop /t REG_DWORD /d 0

Hopefully some of my sample submissions made it to your vendors by today...

HTH,
Bubba

"Malicious Flash" (0)

Anonymous Coward | more than 5 years ago | (#24504963)

No way am I clicking a link on an article with a headline of "Malicious Flash". goatse is not an experience i wish to repeat.

What Malicious Email? (1)

rossz (67331) | more than 5 years ago | (#24505089)

I haven't received a single one. This is why I run my own mail server. I don't trust other people to do a good job.

Without looking at the logs, my guess is the Zen list from Spamhaus.org is doing the good work here.

Linux Sux (5, Funny)

Jafar00 (673457) | more than 5 years ago | (#24505731)

It's unfair. I clicked the link in the email, and it told me to update flash, but the flash updater I downloaded from their site doesn't work on my computer.

How am I supposed to see the CNN videos if they don't make a linux version? Linux sux, I'm going back to windows. :(