Showing no signs of slowing down, the spammers who were sending the CNN-themed emails have changed the look of their messages to this:
The Full Story link, says Advanced Threat Researcer Joey Costoya, directs users to one of those cnnplus.html URLs. Again it asks users to download and install an ActiveX Object. As seen in the previous attack, users are led to the file adobe_flash.exe, not a legitimate Adobe file but something malicious of course.
The file adobe_flash.exe, is detected by Trend Micro as TROJ_NUWAR.GFZ.
We are still investigating the routines of the malware involved here and we will update as soon as more information becomes available. Users meanwhile are advised to refrain from clicking links in spammed messages, and to download files only from Web sites of software vendors.