Attention news junkies: The Belgian MX virus and spam blog is reporting that today’s CNN Top 10 e-mail links are sending unwitting users to sites hosting malware:
The links behind the top 10 directs you to a web site that should show you the video but instead gives you an error that an incorrect Flash player is installed. A pop up window will ask you to download the correct video codec, an executable called get_flash_update.exe, but this is in fact the Trojan-Downloader.Agent.EL. This trojan can download and installs other malware onto infected machine.
I haven’t found another security alert about this — does anyone receive this mail from CNN?
One more source: http://isc.sans.org/diary.html?storyid=4828
If you missed last week’s chance to get your “airplane ticket”, you currently have a second opportunity. Emails are making the rounds that claim to come from CNN, and carry a subject of “CNN.com Daily Top 10”. Well, they are neither. But the emails contain click-friendly headlines with enticing subjects like “Will all Americans be obese by 2030?” Now who wouldn’t want to read THAT?!