IT security and control firm Sophos is reminding computer users
to exercise diligence when checking their email in the wake of a
new widespread wave of dangerous spam messages that claim to be
breaking news alerts from MSNBC.
Samples intercepted at SophosLabsâ„¢, Sophos's global network of
virus, spyware and spam analysis centres, have revealed that rather
than containing a link to the story on MSNBC, unsuspecting users
that click on the URL in the email will be redirected to a
malicious webpage which will then attempt to infect computers with
a Trojan Horse.
The fake MSNBC emails link to malicious code
designed to infect your computer.
According to Sophos, the emails contain a variety of subject
lines including:
msnbc.com - BREAKING NEWS: Mary-Kate Olsen responsible for
Heath Ledger's death
msnbc.com - BREAKING NEWS: Google launches free music
downloads in China
msnbc.com - BREAKING NEWS: McDonald's found to breach FDA
regulations, suspended from trading
The messages are the latest from the spam gang that recently
distributed emails claiming
to be from CNN's breaking news alert service.
"Sadly, the latest salvo of spam hitting our inboxes is likely
to trick unsuspecting email users with its topical headlines and
the seemingly trusted source," said Graham Cluley, senior
technology consultant for Sophos. "But by now everyone should be
well aware of this kind of dirty trick and should never click on
links in unsolicited emails."
Sophos advises that the hackers' motive appears to be to scare
users into purchasing bogus security software.
"The malware on the webpage pointed to in the emails, downloads
further malicious code from the internet. The hackers can obviously
change that code (and its aim) at any time, but presently it
downloads rogue anti-virus software that tries to scare users into
buying a bogus product," explained Cluley. "If you do so, of
course, you will be handing over your credit card details to people
who have already proven they are prepared to break the law."
Customers using Sophos's email and web
gateway solutions are automatically protected against the
attack. Those using other vendors' products are advised to check
if they are protected or if an update is available.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.