Threat Advisory: CNN and MSNBC Spam

Over the past two weeks, we’ve seen waves of high-volume attacks (over 15% of all spam messages) using false CNN and MSNBC content. Our botnet protection has blocked the vast majority — over 99% — of these attacks and mutations, and we continue to release filter updates that automatically delete some variants.

We’d like to provide you with an update on recent spam attacks.

Our message security vendor has advised us on high volumes of bogus CNN and MSNBC messages that contain links to download malware. Spammers have copied the contents of CNN and MSNBC alerts and substituted a link that prompts users to upgrade to a new version of a fake Adobe Flash player.

The security service has detected and blocked the vast majority of these attacks, and continues to release protections to stop the new mutations. Their capture rate is over 99%; however, the attack volumes are so large (in the hundreds of millions of messages) that a 1% passthrough rate means that a few messages may end up in your inbox.

For best security practices, if you see any CNN, MSNBC, or suspicious news alert messages:

  • Do not deliver these messages from your Message Center or Quarantine Summary.
  • Delete these messages from your inbox.
  • Do not click on any links in the messages.

If you need to access CNN or MSNBC content, visit the website directly.

Please be assured that our security service considers virus and spam protection as their highest priority, and continues to be on the cutting edge against new spam attacks and tactics.

Virus and Spam Trends

Following is the summary of email threats and trends we track for our user base of over 40,000 organizations.

Viruses Increase: In July, our systems recorded the largest volume of email virus attacks of the year. On July 20, our zero-hour virus protection technology detected and caught emails that contained a spoofed UPS package-tracking link intended to lure recipients into clicking it and downloading malware. This virus wave peaked at nearly 10 million messages on July 24.

On August 5, we experienced a large inflow of messages with an encrypted .RAR attachment. While the use of attachments as a virus delivery mechanism generally decreased in 2008, this new virus showed that tactics continue to vary.

Spam Levels Remain High: April showed peak spam volumes for 2008, but the overall level of spam remains high this summer. The average user has received 133 spam messages per day this year. Our statistics show that the average unprotected user would have received 36,000 spam messages in 2006 and 36,000 in 2007. This year’s July total shows a 68% growth rate over the same time in 2007. In short, spam attacks in 2008 have not let up from previous years.

Leave a Reply