Thursday, August 07, 2008

Faux-CNN Spam Blitz Delivers Malicious Flash

Slashdot points to a story that appeared yesterday about more than 1000 hacked Web sites serving fake Flash Player software to users. Users are duped into clicking on links in e-mail that is part of a massive spam attack masquerading as CNN.com news notifications.

The bogus messages, purportedly from the CNN.com news Web site, include links to what are claimed to be the day's top 10 news stories and top 10 news video clips. Clicking on such a link, however, brings up a dialog box that claims that an incorrect version of Flash Player has been detected and that the user needs to update to a newer version, according to Sam Masiello, vice president of MX Logic Inc.

People who approved the download of the fake Flash executable file instead received a Trojan horse that in turn "phones home" to a malicious server to grab and install additional malware, said Adobe product security manager David Lenoe.

See full article at COMPUTERWORLD Security.