Aug 11 2008
“CNN Alerts: My Custom Alert email spam” - don’t click
If you get an email from CNN Alerts with a subject line like: “CNN Alerts: My Custom Alert email spam” be careful.
This is being sent out to people who never signed up for CNN alerts as well as those who have.
In the email the “Full story” link is actually linking to an unrelated attack websites, commonly to Russian domains, though Chinese and Middle East domains have also been used.
Once you click on the link you get told you need to download an update to Flash Player, Adobe Systems Inc.’s popular Internet media player, to view a video clip from CNN.
If you agree to download the bogus Flash update, you will be trapped in an endless loop, where clicking “Cancel” in the initial dialog produces a second pop-up. Clicking “Cancel” there returns you to the first pop-up. The only options at that point is to shut down the browser or give in and install the malware.
You should just delete the email and don’t click on anything.
[…] “CNN Alerts: My Custom Alert email spam” - don’t click […]