August 13, 2008
NOTE: REVISED FOR CLARIFICATION IN HEADLINE - e-mails sent by MSNBC are legitimate. If unsure if e-mail is from their news site and not spam, go to their Web site and log on for news.
• MSNBC latest lure in Internet spam scam
• UAB Spam Data Mine pinpoints origin
• Spam architects kick up their tricks
• View related video at http://main.uab.edu/Sites/MediaRelations/articles/50121/
BIRMINGHAM, ALA - The UAB (University of Alabama at Birmingham) Spam Data Mine reports that a new spam trend using MSNBC began shortly after 3 a.m. this morning. Because the new spam attack is based on the actual emails sent to MSNBC Alert subscribers, it will be nearly impossible to block to the spam without also blocking legitimate MSNBC mail, said Gary Warner, director of Computer Forensics.
For the past several days, one of the top spam messages was "CNN Alerts: My Custom Alert", which attempted to trick e-mail readers into clicking on a site that would infect their computers by forging a CNN e-mail. Warner was the first to detect the scam last week using UAB Spam Data Mine, which collects millions of e-mail messages used to provide investigators with spam intelligence and determine new attack methods. In the past week, the CNN scam represented 14 percent of all the spam Data Mine collected.
"Because we analyze large volumes of span we were able to identify the point where this campaigned switched from CNN to MSNBC and provide compelling evidence that the attack is from the same source," Warner said.
"From the MSNBC perspective the problem is that anyone who subscribes to their alerts will receive a bogus e-mail whose format is exactly the same a legitimate MSNBE alert. Depending on your e-mail program you can float your mouse over the URL and find out where the message originated, but if you have a program like Outlook that is not possible."
UAB Spam Data Mine received its last forged CNN e-mail in that campaign at 2:12 a.m., Warner said. Beginning at 3:18 a.m. it began receiving e-mails with the subject lines;
msnbc.com - BREAKING NEWS: Americans love law suits for breakfast
or msnbc.com - BREAKING NEWS: Abortion made illegal in New York.
"Clicking on the link will cause your computer to download malware that can compromise your privacy, use your computer to send spam, and possibly lead to downtime and repairs while the virus is removed," Warner said.
More details on the blog of Gary Warner, Director of Research in Computer Forensics:
Previous blog entries from this series:
NOTE: WE ARE THE UNIVERSITY OF ALABAMA AT BIRMINGHAM, not to be confused with the University of Alabama, which is a completely separate university. Please use our full name on first reference and UAB thereafter. Thank you - Deb Lucas