Showing no signs of slowing down, the spammers who were sending the CNN-themed emails have changed the look of their messages to this:
The Full Story link, says Advanced Threat Researcer Joey Costoya, directs users to one of those cnnplus.html URLs. Again it asks users to download and install an ActiveX Object. As seen in the previous attack, users are led to the file adobe_flash.exe, not a legitimate Adobe file but something malicious of course.
Besides improving the look of the email message, Costoya says that another innovation by the authors behind this run is that the HTML page now starts to use obfuscated JavaScript, which was not seen in previously.
The file adobe_flash.exe, is detected by Trend Micro as TROJ_NUWAR.GFZ.
We are still investigating the routines of the malware involved here and we will update as soon as more information becomes available. Users meanwhile are advised to refrain from clicking links in spammed messages, and to download files only from Web sites of software vendors.
August 13th, 2008 at 8:00 am
[...] Fake News, More Malicious CNN Spam』Trend Labs MALWARE BLOG http://blog.trendmicro.com/more-fake-news-more-malicious-cnn-spam/ おすすめランダム記事10 Skype月額1495円で『世界中電話かけ放題』 [...]