Aug. 13, 2008 at 4:55 PM ET
Spammers have upped the ante in their efforts to trick news consumers, switching from e-mails with tabloid-style headlines to impersonating major online news services. On Wednesday, e-mails that appeared to be from msnbc.com landed in inboxes worldwide, promising breaking news and confusing some recipients.
The spam unleashed Wednesday follows a massive campaign last week in which spammers impersonated CNN.com. That campaign saw 250 million spam messages sent in one intense 24-hour period, according to spam-fighting firm MX Logic Inc. Those e-mails appeared to include links to CNN's top 10 stories, but Internet users who were tricked into clicking on those links were sent instead to Web sites overseas that were booby-trapped with malicious software.
Recipients should immediately delete any unexpected e-mails purportedly from CNN, msnbc.com or any other firm that they haven't done business with and authorized to contact them.
Users who open the fake CNN or msnbc.com e-mails and click on a link are in for a bad day if they fall for the ruse. Those who do are sent to Web sites that attempt to trick them into downloading what is described as a video player plug-in. Instead, the malicious software will infect the user's computer, ultimately giving hackers complete control over the machine. Infected computers are then used to send out even more spam.
"This new tactic is likely to be more successful than recent 'single-line spam' campaigns because it looks like a legitimate e-mail news update," said Sam Masiello, director of threat management at MX Logic.
After the initial top 10 headline spam, the campaign morphed into more focused e-mails purporting to come from "CNN Alerts," which included links to what appeared to be a single news story -- with an actual headline lifted from the news site -- but was actually a booby-trapped link. In one such e-mail reviewed by msnbc.com, the e-mail was sent from a domain in Australia, and the links took clickers back to Australian Web sites.
MX Logic says it captured 850 million CNN spam messages since Aug. 4, and that the volume has steadily increased, suggesting that recipients have fallen for the ploy and their infected computers have been used to send out even more spam.
So far, MX Logic says, it's catching about 2 million msnbc.com spam messages per hour, but the rate is steadily increasing. Security firm Sophos said the msnbc.com spam spiked at one point on Wednesday morning and equaled the total amount of all other spam the firm was trapping.
The first msnbc.com spam was sent around 4 a.m. ET, MX Logic said.
Masiello said he believes the same criminal gang is responsible for both the CNN and the msnbc.com spam campaigns.
One of the msnbc.com spam messages, with the subject line "BREAKING NEWS: Americans love law suits for breakfast," appeared to come from a computer in Spain. The realistic-looking e-mail includes some actual links to msnbc.com in an attempt to confuse the recipient.
Spammers have impersonated major Internet sites -- including news sites -- for years. In 2006, a widespread spam campaign impersonated the BBC Web site, promising news about Russian president Vladimir Putin.
It's unclear why there's a sudden surge of fake news spam, but security firm Message Labs speculates that it's related to a cat-and-mouse game currently being played out between spammers and security companies. Most spam is sent out from hijacked computers known as "bots" that are connected in large networks called "botnets."
The largest is called the "Storm" botnet, created by a virus known as the Storm worm. Recently, researchers enjoyed a small victory against the worm, and shrank the size of the botnet by about two-thirds, said Message Labs' Paul Wood. The aggressive news headline campaign is an attempt to reconstitute the network, he said.
"They are trying to do something to regain their power," Wood said.
RED TAPE WRESTLING TIPS
Spam campaigns like these are a real headache for companies that want to maintain e-mail relationships with their customers, as there are no foolproof tools for helping consumers tell real corporate e-mails from fake messages. Msnbc.com, CNN, and most news outlets maintain newsletters that readers use to receive timely bulletins. Such services are threatened by the widespread spam campaigns, which inevitably prompt IT departments to advise users to aggressively delete all e-mails that aren't personal.
The best advice: Think before you click. If you have any doubts at all about an e-mail, simply delete it. Also, keep track of your e-mail subscriptions and know when messages are expected to arrive.
Persistent Internet users can check e-mail headers for signs that a message is suspicious, but that can require moderately advanced computer skills. Microsoft Outlook users can do this by right-clicking on an e-mail in inbox view, and then selecting "Message Options."
E-mail readers can also, in most cases, hover over a link before they click and see a pop-up showing where they will be directed if they click. If the link doesn't match the written link, that's a good reason to question its legitimacy, but it's not foolproof. Also, if you try this method, be careful not to accidentally click your mouse.
"Of course we all know that spam exists, but we certainly don't like it to invoke the brand name that is so meaningful to us and our readers," said Catherine Captain, vice president of marketing for msnbc.com. "We send out hundreds of thousands of legitimate email newsletters requested by our consumers every week. The key is not falling for the trickery of spammers and being able to discern what is real and what is fake."
CNN.com spokeswoman Jennifer Martin said that the company received phone calls and e-mails from viewers and users who received the fake e-mails and posted a notice on its Web site on Friday warning customers not to be fooled.