CNN Spam Attack

We detected and blocked a huge "CNN" spam campaign last week. This one is dangerous because it almost looks legitimate:

email spam

CNN Spam Email - NEVER click on anything in an email like this

The spammer made a few mistakes, like not aligning the image to the left, but it otherwise looks real. It might look better in a narrow browser window or if the spammer fixes the mistake.

The simple rule to remember is NEVER click on the buttons or links in an email like this. Otherwise, you might infect your computer or network with a virus, trojan horse or other malware. If you want to see the news story shown in the email, go directly to CNN by typing "cnn.com" directly into your web browser's address bar.

How This Scam Works

You receive an email in your Inbox that looks like it's promoting a CNN news story, usually some breaking news (such as this week's train derailment). There are one or more links in the message that you can click. DO NOT click any of the links.

We've determined that these emails are part of a potentially dangerous spam campaign. We've also blocked similar campaigns (e.g, from Facebook and eBay) this week and they appear to be related - coming from a botnet that's controlling "zombie" computers. It's flooding global email systems, increasing email volumes to around 90% of spam at times.

The links in the email don't go directly to CNN. They take you to a different web page for an instant (probably to find a security weakness on your machine) without you even knowing it -- and then take you to Facebook.

CNN spam - How It Works

CNN Spam Email - How It Works

According to Wes, one of our spam analysts: "For the brief moment you're on the scammer's website, it is probably looking for a security weakness on your web browser or computer that it can exploit, and then forwards you on to Facebook. It happens so quickly, most people don't realize they have been exposed."

Our new proprietary spam blocking tool can tell if an email is coming from a legitimate source (like real CNN email) or not. We blocked this campaign immediately, so our customers probably never saw it.

Avoid Being Infected

DON'T EVER click on the links in an email like this, no matter where appears to be from. You may end up on, or pass through, somewhere you DO NOT want to be.

If you're curious about where a link will really take you, hover over it (but DO NOT click). The actual destination appears in a small box at the bottom of your browser. But you shouldn't even trust that. Never click on links in email messages.

The links in this spam attack go to a web pages on exploited computers under the control of a botnet. The link destination follows this pattern:

www.<legitimate domain>.com/<random characters>/index.htm

That is the sign of a hacked computer. The index.htm file probably does something malicious, like trying to infect your computer or putting it under the control of the botnet.

How to Learn More

Our antispam team uses our proprietary Spamalyzer 3.0 to analyze and block email threats, protecting our customers 24/7/365. That's a claim virtually no other antispam provider can make. Click here for more about SpamStopsHere and our 24/7/365 live support