5 million fake news spams per hour
There's a good chance that you've seen at least one of the spoofed CNN or MSNBC spam messages that are doing the rounds - as many as 5 million of them are being sent per hour. The spoofed messages are modelled on CNN and MSNBC alerts and feature headlines that are calculated to attract attention by tapping interest in celebrities, politics and other current issues.
Some of the headlines used are are outlandish, but there seems to be a trend to make them more believable. Recent examples include "Wildfires hit Arizona: leave thousands homeless" and "Cruise steals show in new Stiller movie".
The falsely described URLs in these messages lead to pages that attempt to instal malware on the victim's computer, typically in the guise of a codec supposedly needed to watch the video.
Examples we've seen appear to have originated from (most likely malware-infected) systems in the .br, .com, .in and .tw domains, and point victims to hijacked sites with .com, .es, .pl, and .ru URLs. That last TLD (.ru) is especially common in the spoof CNN alerts.
"Another dangerous aspect of these CNN and MSNBC emails is the intensity with which the messages have been sent," said Chris Astacio, a security researcher at Websense. "In this campaign alone, our Threatseeker Network has seen as many as 5 million messages sent, per hour, from multiple hosts worldwide."
The volume of fake messages involved underscores the effectiveness of botnets when it comes to pumping out large volumes of spam. But 5 million per hour is far from a record: security provider Marshal recently claimed the 315,000+ system Srizbi botnet is capable of generating 7.8 billion spams per hour.
Srizbi generates around half of all spam, and adding the Rustock and Mega-D botnets accounts for 75 percent of the total.
So what's to be done?
If you haven't subscribed to a web site's alert service, don't open emails that purport to be such alerts. If you have subscribed, think twice before clicking on the links. The safest approach is probably to open the real site's home page in your browser and then navigate to the story of interest - if it's actually there!
In the longer term, a decent spam filter (either running on your computer, your mail provider's server, or a third-party filtering service) should reduce the amount of spam that reaches you.
And keeping your security software up to date should reduce the risk of malware getting onto your system, but take care of yourself by treating links in emails with scepticism rather than relying on technological measures.
Reproduced from an article published by iTWire
© iTWire
The original article can be viewed here:
http://www.itwire.com/content/view/20078/53/
Permalink Bookmark Digg this story
