Beware "CNN.com Daily Top 10" emails; actually malware

Wed Aug 6, 2008 1:27PM EDT


Thousands (possibly millions) of users are receiving what looks like an innocuous daily missive from CNN.com (it sailed right through my spam filter), offering links to the "Daily Top 10" stories and videos. Flag these emails as spam, and do not click the links inside. The links will direct you to a malware website and attempt to install dangerous software on your PC.

In Outlook and many web-based mail clients, the message will show up initially as a series of broken images. If you choose to load the images, you'll see a list of 20 randomized stories and videos, most of which look completely harmless ("China tightens security following attack in west"). The use of images bypasses the automatic disabling of web links, so you won't get a security pop-up if you click on one of the links in the email; your web browser will open automatically.

If you do click one of the links you'll get an innocuous-looking CNN-branded video player and an error message with a notice "Video ActiveX Object Error. Your browser cannot play this video file." The message then prompts you to install an ActiveX Object... which, of course, is actually a Trojan horse. You can read more about the specific threat here. (Essentially it opens a door to allow for even more malware to be installed.)

CNN is of course not affiliated with the threat. It doesn't operate the website in question and the messages are being sent from randomized email accounts, likely on infected machines. But keep this in mind if you see any emails from CNN this week, whether or not you subscribe to any of its mailing lists.
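The traits described above (CNN branding, a sender address unrelated to CNN, and image-wrapped links that lead to a site CNN does not operate) can be checked mechanically in a mail filter. The following is an added example, not part of the original article: the sample message is constructed, the `example.org` and `example.net` hosts are placeholders, and the function names are hypothetical.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "cnn.com"  # brand the message claims to come from

# Constructed sample: branded display name, unrelated sender, image-wrapped link.
SAMPLE = """\
From: "CNN.com Daily Top 10" <user1234@mail.example.org>
Subject: CNN.com Daily Top 10
Content-Type: text/html; charset="us-ascii"

<a href="http://video-player.example.net/cnn.html"><img src="s1.gif"></a>
<a href="http://cgi.cnn.com/unsubscribe">Unsubscribe</a>
"""

class LinkCollector(HTMLParser):
    """Collect every <a href> and note whether it wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], False]
            self.links.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open[1] = True  # the link's clickable area is an image
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_message, brand=BRAND_DOMAIN):
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    off_brand = [(href, img) for href, img in collector.links
                 if urlsplit(href).scheme in ("http", "https")
                 and not host_in_domain(urlsplit(href).hostname, brand)]
    return {"claims_brand": brand in name.lower(),
            "sender_off_brand": not host_in_domain(addr.rpartition("@")[2], brand),
            "off_brand_links": off_brand}
```

A message that claims the brand, comes from an off-brand sender, and carries off-brand image links matches this campaign's pattern even when some links, such as the unsubscribe link, point at a genuine CNN host.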

More details are available here

Comments on Beware "CNN.com Daily Top 10" emails; actually malware


  • 6 Posted by briandvich on Thu Sep 3, 2009 3:13PM EDT

    I "sorta" fell for it, I just did the "unsubscribe" link at the bottom. That link looks like a "legit" CNN URL tho.?? "http://cgi.cnn.com" Hummm...don't remember any video player, it was a few days ago when I did it...better run my AV scanner!

  • 7 Posted by n_l_harvey on Thu Sep 3, 2009 7:42PM EDT

    While I recognised it as spam, the story headlines are actually interesting, and some of them quite funny.

  • 8 Posted by crane_ku on Thu Sep 3, 2009 3:30PM EDT

    You can reference there, but Chinese Word. http://mysecure.blogspot.com/2008/08/blog-post.html

  • 9 Posted by so_cal_merch on Thu Sep 3, 2009 9:34PM EDT

    I got that e-mail and clicked on a link within it and it sent me to a site that then downloaded a Windows .exe file and then I even opened that file. It did nothing at all. But why? Because I have a Mac. Honestly I have not used antivirus software since 1995.

  • 10 Posted by hersheysq on Thu Sep 3, 2009 4:18PM EDT

    I manage an Exchange server. I have several thousand of these emails come through each day.

  • 11 Posted by cinnbear@pacbell.net on Thu Sep 3, 2009 3:25PM EDT

    I subscribe to CNN breaking news email alerts. When I saw the Daily Top 10 email, I knew instantly it was bogus, because I don't subscribe to anything like that. What I didn't know was how harmful the emails were.

  • 12 Posted by skalek on Thu Sep 3, 2009 9:25PM EDT

    Found a removal guide here: http://www.bleepingcomputer.com/malware-removal/remove-cnn-daily-top-10

  • 15 Posted by epic.judy@sbcglobal.net on Thu Sep 3, 2009 3:55PM EDT

    Unfortunately, I fell for this before I saw your article. It downloaded a virus to my computer that crippled me for days and almost made me reformat my entire computer before I was able to get everything clean. BE CAREFUL!

  • 16 Posted by doreen8977 on Thu Sep 3, 2009 3:47PM EDT

    My computer has malware popups, how do I get rid of them? I have spybot software but it doesn't get rid of them. Doreen/doreen8977@yahoo.com

  • 18 Posted by kurbycar_32 on Thu Sep 3, 2009 4:54PM EDT

    Everyone at work got one of these on their BlackBerry. Interesting part was that it came through as a text message so it wasn't even checked by our filtering system.

  • 19 Posted by kusanagi_orochi on Thu Sep 3, 2009 4:54PM EDT

    I received at least 10 of them in my email these past two days. I didn't pay that much attention to them since I never subscribed for CNN newsletter.

  • 20 Posted by susyack on Thu Sep 3, 2009 9:50PM EDT

    I have been receiving them two or three times a day in my spam box and have deleted them without opening. I did not sign up for anything from CNN therefore I don't open unwanted email. I will pass the info on. Thanks

  • 21 Posted by rleighcurry on Thu Sep 3, 2009 8:43PM EDT

    I have been getting these about 30 times a day for the last two weeks....figured out immediately it was evil....
