
Internet Security


CNN.com Malspam Revolution: msnbc.com Breaking News Message

msnbc.com Breaking News is one of the latest malspam messages to spread malware through a Fake Flash Player download.

The CNN malspam message that we reported on in a previous post has evolved to use other popular news network subject lines to sneak in a new version of the same type of malspam message. This time the spammers are using the title “msnbc.com Breaking News” as the headline, which is sure to get more computer users’ attention.

The mxlab blog was one of the first sources to warn computer users of this new malspam threat. In their post they go on to explain how this new “msnbc.com BREAKING NEWS” message contains a URL that leads to a malicious site that has a CNN video report but asks you to download a Flash player in the form of the file adobe_flash.exe. Does this sound familiar? It should, because we believe it is the same group of spammers changing the latest series of the CNN Trojan messages or malspam to exhibit a new catchy title.

Do you ever get those “Breaking News” emails when something big in the news has recently happened?

The last legitimate “Breaking News” message I received was from CNN.com, on the passing of Isaac Hayes. Many of you are probably like me: you want to be notified of breaking news, and if you get an email titled “Breaking News” you are probably going to open that message and click on a link within the body of the email. If you do that with the new “msnbc.com BREAKING NEWS” malspam message, it will redirect you to a malicious site that may ask you to download a fake Flash player, just like in the CNN.com Daily Top 10 malspam message.

Below is an mxlab example of the “msnbc.com - BREAKING NEWS” message and embedded linking:

Google launches free music downloads in China
Plane crashes into prep school, hundreds of kids killed
Please give your opinions for change
US Dollar hits 6-year high, further gains expected

msnbc.com: BREAKING NEWS: Google launches free music downloads in China
Find out more at http://breakingnews.msnbc.com
======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.
=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.
To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to
http://www.msnbc.msn.com/id/50903113, select unsubscribe, enter the
email address receiving this message, and click the Go button.
Microsoft Corporation - One Microsoft Way - Redmond, WA 98052
MSN PRIVACY STATEMENT
http://privacy.msn.com (http://privacy.msn.com/)

msnbc.com – BREAKING NEWS malspam message Update: It was confirmed by MX Logic that the new msnbc.com – BREAKING NEWS malspam messages are using uncanny subject lines. Below are a few examples of the subject lines used.

  • msnbc.com - BREAKING NEWS: Americans love law suits for breakfast
  • msnbc.com - BREAKING NEWS: Bomb scare grounds thousands of flights at UK Heathrow airport
  • msnbc.com - BREAKING NEWS: Copycat murderer beheads woman on Greyhound bus
  • msnbc.com - BREAKING NEWS: I will be suing you
  • msnbc.com - BREAKING NEWS: Mary-Kate Olsen implicated in Heath Ledger’s death
  • msnbc.com - BREAKING NEWS: Sandwich recall amid Salmonella outbreak

Note: You should delete any message with the same subject line as those listed above in an effort to avoid getting infected by a Trojan.

The fake Flash Player is pushed onto computer users through an ActiveX error message as shown in the image below.

[Image: fake Flash Player download ActiveX error]

Malspam Tip: We should note that these messages will probably not stop any time soon. We expect them to change into different variations, mainly because the recent malspam messages are working well for spammers by infecting a wide range of people around the world. What works for the spammer is usually something that we see more of in the future. If you get a message with the subject line “msnbc.com BREAKING NEWS”, please use caution. As Adobe.com has already stated, do not ever download a Flash Player from any site other than Adobe.com.

Written by Valentino on August 13th, 2008 with no comments.

A Wave of New MalSpam: ‘Obama is Gay’ and ‘McCain names VP post’ Emails

Another new term that I can add to my Web vocabulary, “Malspam”.

I found an interesting article, “Penetrating the Zombie Collective: Spam as an International Security Issue”, which discusses how spam messages have plagued computer users for as long as email inboxes have been in existence. Spam has evolved into much more than the run-of-the-mill spam email that you may have had in the past. It has taken on a new, very ugly face called malspam, which the article explains as a variant of spam that intentionally capitalizes on a computer user’s weak information security.

What exactly is Malspam?

The popularly exploited “CNN.com Daily Top 10” malspam message that we previously wrote about is only one recent example of malspam that is plaguing the internet world today. Malspam messages use popular subject lines, such as current events and hot topics, to entice computer users. Dictionaries will tell you that spam is defined as unsolicited, usually commercial, e-mail sent to a large number of addresses. Now beef up the term by adding malware to the equation and you get malspam. Malspam is a new form of spam that is initially presented as a spam message, but the malicious links embedded within it make it very different from the normal spam message that you may be familiar with.


Spam dates back to the 1970s, and the rate at which spam messages are evolving into something different and more malicious has only recently increased exponentially. It is estimated that 80% of the newer spam messages result from automated sources and security-compromised systems that are controlled remotely by spam senders. It was also said by some sources that 80% of spam comes from about 200 spammers who reside in the U.S. The percentage of spammers outside of the U.S. is on a steady rise, and their messages include more malware. Because most malware code writers reside outside of the U.S. and more spam message sources are appearing outside of the U.S., we are starting to see more malspam messages. Unfortunately, the two work hand in hand.

What does Malspam look like?

Ever get those emails that are titled with something currently being talked about in the media, or even subjects that you know are totally bogus? Whether a malspam message title is true or not, it is usually made out to be something that sparks people’s interest, as our previous post “New Malicious Spam Email: CNN Alerts: My Custom Alert” explains. Malspam messages may have titles similar or related to the subjects below.

  • Obama is gay
  • Britney Spears loses kids
  • McCain drops out of running
  • McCain names VP post
  • Justine Timberlake gay video
  • CNN.com Daily Top 10
  • CNN Alerts: My Custom Alert
  • 50 Cent sues Taco Bell

All of the above would spark your interest, whether true or false, wouldn’t they? If you received a few emails with those titles, would you open the email and proceed to read it, with a slight possibility of clicking on a link within the message to confirm the story? This is where the malspam attack happens. If you make the mistake of opening a message using a subject similar to the list above, you may be greeted by a notification that says “Flash player: Incorrect version”. The message is bogus and tries to get you to download a new Flash player, which in reality is a malicious file that may download and install malware onto your computer.

[Image: Fake Flash Player message]

Malspam Tip: It is advisable that you monitor security sites that provide information warning you of recent malspam messages or new threats to look out for. The best thing that you can do is delete a message if you are even a little uncertain about it.

Have you received any email messages that were titled with any of the subjects listed above? Did you end up opening that message?

Written by Valentino on August 11th, 2008 with no comments.

New Malicious Spam Email: “CNN Alerts: My Custom Alert”

Spammers are now sending a newer version of the infamous “CNN.com” group of malspam email messages called “CNN Alerts: My Custom Alert”.

We first posted a removal guide for the CNN.com Daily Top 10 message infection and now it seems the same string of malicious emails has changed slightly to the subject line “CNN Alerts: My Custom Alert”. “Here we go again”, this is probably what you will say to yourself if you encounter this new malspam message.

After an examination of this new variation of malspam email utilizing the CNN theme, it seems to be a bit more deceiving than the previous “CNN.com Daily Top 10” malspam message. The “CNN Alerts: My Custom Alert” message actually routes to a legitimate CNN story from one of the many links embedded in the CNN image. The legitimate link that it points to is the “Chinese Islamic group threatens Olympics” story found on the real CNN.com site. Before you run off and tell your buddies that this email is OKAY, we noticed that another link within the email is malicious. Embedded within the image of the “CNN Alerts: My Custom Alert” message is a link to click for the FULL STORY, and that was found to be a malicious link that points to biogazrhonealpes.org/cnnplus.html.

Below is a list of other blogspot pages that may be used in conjunction with the “CNN Alerts: My Custom Alert” malspam message:

  • informasya.blogspot.com/2008/07/cnn-alerts-my-custom-alert_20.html
  • informasya.blogspot.com/2008/07/cnn-alerts-my-custom-alert-etc_21.html
  • zujarcuevas.blogspot.com/2008/08/cnn-alerts-my-custom-alert.html
  • bastien12.blogspot.com/2008/08/cnn-alerts-my-custom-alert.html
  • rjbblog040405.blogspot.com/2008/08/cnn-alerts-my-custom-alert.html
  • cnga-ca.blogspot.com/2008/08/cnn-alerts-my-custom-alert.html

Security notice: Do not attempt to visit the malicious site links listed above. They are only used as a reference for the discovered malicious links. You may risk the installation of rogue anti-spyware programs or other infectious files.

Other reports online about this new version of malspam emails using a CNN cover-up say that the campaign has passed over to blogspot web pages. Other links were found to be related, as the hackers may be using multiple sources for spreading malware to computer users via the “CNN Alerts: My Custom Alert” malspam message.

CNN is not affiliated with this threat. It doesn’t operate the websites in question and the messages are being sent from randomized email accounts.
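The pattern described in this post and in the msnbc.com post above, a message branded as a news network whose links only partly point to that network's own site, can be checked mechanically. The Python below is an added example, not code from this site or from mxlab; the function names, the brand domain set passed in, and the sample HTML (with the placeholder host bad.example) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parts(url):
    """(scheme, hostname, path) of a URL; tolerates no scheme or malformed input."""
    try:
        u = urlparse(url if "//" in url else "//" + url)
        return u.scheme, (u.hostname or "").lower(), u.path.lower()
    except ValueError:
        return "", "", ""

def suspicious_links(html_body, brand_domains):
    """Return (href, reason) for each http(s) link that leaves brand_domains."""
    def in_brand(host):
        return any(host == d or host.endswith("." + d) for d in brand_domains)

    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        scheme, host, path = parts(href)
        if scheme not in ("http", "https") or in_brand(host):
            continue
        # Visible text that is itself a URL is the strongest signal of deception.
        shown = parts(text)[1] if "." in text and " " not in text else ""
        if shown and in_brand(shown):
            findings.append((href, "visible URL names the brand, target does not"))
        elif path.endswith(".exe"):
            findings.append((href, "executable hosted off the brand's domains"))
        else:
            findings.append((href, "off-brand link in a branded message"))
    return findings

# Constructed sample modelled on the quoted message; bad.example is a placeholder.
SAMPLE = (
    '<a href="http://video.bad.example/watch.html">Google launches free music</a>'
    '<a href="http://video.bad.example/watch.html">http://breakingnews.msnbc.com</a>'
    '<a href="http://www.msnbc.msn.com/id/50903113">unsubscribe</a>'
    '<a href="http://video.bad.example/adobe_flash.exe">Flash Player</a>'
)
```

Called as `suspicious_links(SAMPLE, {"msnbc.com", "msn.com"})`, it leaves the genuine unsubscribe link alone and reports the other three.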

Written by Valentino on August 8th, 2008 with 1 comment.

Advisory: Fake Adobe Flash Downloads Spreading Malware Through Social Sites

Adobe Flash Downloads from certain sites turn out to be malware.

Are you a member of Facebook, MySpace or Twitter? Have you ever downloaded Adobe Flash or the Adobe Flash update? You could be in serious danger if you download Adobe Flash through any of these popular social network sites online. Adobe has released an advisory posted on their website warning users that you should not download Flash Player from a site other than adobe.com. How many of us really pay close attention to a Flash Player update when we want to see Flash content of a video?

Hackers are getting sneakier each and every day with the way they spread malware onto thousands of computers worldwide. Hackers are using a Flash Player file which in reality is a malicious executable that can port parasites onto your computer. They take it a step further by using popular social networks to help spread this garbage. Because Facebook, MySpace and Twitter are such big networks, they can reach a large number of gullible computer users. You don’t have to become a victim; you still have a way out in this situation. Below is the advisory that Adobe has posted on their site, adobe.com:

First off, do not download Flash Player from a site other than adobe.com – you can find the link for downloading Flash Player here. This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.) – if you get a notice to update, it’s not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.

Second, all Adobe software for Windows is signed with a digital certificate that is validated by Windows when you install our software. The Publisher will always be ‘Adobe Systems, Incorporated’, and you can verify this when you double-click the installer, or by right-clicking on the installer, selecting ‘Properties’, and going to the ‘Digital Signatures’ tab.

Because Flash is pretty much the most widely deployed software in the world, we can only reiterate what Adobe has said about the fake Flash Player. It is essential that you pay special attention to this situation when you utilize Facebook, MySpace or Twitter from now on.

Written by WildStallion on August 5th, 2008 with no comments.

Online Updates Insecure Due To Evilgrade Exploit Toolkit

Evilgrade Exploit Toolkit infecting computers that update software online.

We can all agree that software updates are essential for keeping our computers safe and running to the best of their abilities, right? What if the software update service was insecure to begin with? Where do you go from there?

A malware kit called Evilgrade is currently attacking software update services, rendering the updates unsafe. According to the ZDNet blog, systems are infected through a man-in-the-middle type of attack (DNS, DHCP and ARP spoofing) during the update process. This allows the attack to work against a wide range of applications. Below is a list of product updates that may have been attacked.

  1. DAP [Download Accelerator]
  2. iTunes
  3. Java plugin
  4. Linkedin Toolbar
  5. MacOS
  6. notepad++
  7. OpenOffice
  8. speedbit
  9. Winamp
  10. Winzip

How would this happen to me?

If you use public Wi-Fi access where the DNS cache has been compromised and you choose to update your software, then you risk becoming infected. From the reports that we have researched, this is only happening to the software update services listed above. Some reports have stated that Apple has updated their update service to ward off this type of attack. Other companies, such as Microsoft, remain off this list because they anticipated attacks such as these and have their updater install binaries signed by Microsoft, which proves to be a safer method for updating software.
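Adobe's advisory above says all Adobe software for Windows is signed, and this post credits signed binaries for keeping Microsoft's updater off the list, so an installer with no signature data at all can be rejected before anyone double-clicks it. The Python below is an added example, not code from Adobe, Evilgrade or this site: it reads the PE header to see whether an Authenticode certificate table is present. It checks presence only, not validity or publisher (Windows validates those), and the function names and sample header are constructed for illustration.

```python
import struct

CERT_TABLE_INDEX = 4  # data-directory slot that holds the Authenticode blob

def has_authenticode_blob(pe_bytes):
    """True if the PE's Certificate Table directory entry is non-empty."""
    try:
        if pe_bytes[:2] != b"MZ":
            raise ValueError("not a PE file: missing MZ header")
        (pe_off,) = struct.unpack_from("<I", pe_bytes, 0x3C)   # e_lfanew
        if pe_bytes[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE file: missing PE signature")
        opt = pe_off + 24               # skip PE signature (4) + COFF header (20)
        (magic,) = struct.unpack_from("<H", pe_bytes, opt)
        if magic == 0x10B:              # PE32
            dirs = opt + 96
        elif magic == 0x20B:            # PE32+ (64-bit)
            dirs = opt + 112
        else:
            raise ValueError("unknown optional-header magic")
        (count,) = struct.unpack_from("<I", pe_bytes, dirs - 4)
        if count <= CERT_TABLE_INDEX:
            return False                # header too small to hold the entry
        offset, size = struct.unpack_from("<II", pe_bytes,
                                          dirs + CERT_TABLE_INDEX * 8)
    except struct.error:
        raise ValueError("truncated PE header") from None
    return offset != 0 and size != 0

def build_sample_pe(cert_offset=0, cert_size=0):
    """Constructed minimal PE32 header, just enough for the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + b"\0" * 20
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, CERT_TABLE_INDEX * 8, cert_offset, cert_size)
    return dos + coff + opt + bytes(dirs)

def triage(pe_bytes):
    """Reject unsigned installers; signed ones still need Windows' own check."""
    return "needs signature validation" if has_authenticode_blob(pe_bytes) \
        else "reject: unsigned"
```

A "needs signature validation" result is not a pass: the publisher still has to be confirmed as described in the advisory, through the Digital Signatures tab.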

Written by Valentino on August 4th, 2008 with no comments.

PC Security Alert: Most Malware Threats come from Recent Trojan Infections

Trojans are the main culprit for recent spyware and malware infections.

Reports and studies have confirmed that most malware comes from Trojan infections or Trojan files instead of other means. Trojans make up the main cause for the installation of malware or rogue anti-spyware programs on PCs. BitDefender, a security vendor, claimed that 80 percent of malware that infected computers worldwide came from a form of a Trojan on a computer. We know from our many parasite removal guides that malware comes in different forms that perform many malicious functions. In some cases it is not the Trojan that steals your personal information or creates popups. It is usually the malware that is installed from a Trojan.

Malware may not be very difficult to remove in some situations compared to a Trojan infection. The Trojan that originally installed the malware may hang out on your system and further infect your computer after you remove or attempt to remove any malware. Because Trojans, for the most part, do not actively run processes or stand out in the crowd as much as malware, they can go undetected for a long time.

Did you ever think that you completely removed a malware infection or rogue anti-spyware program and the next time you rebooted your system it came back? That’s a common case if you have a Trojan residing on your system and it is not completely removed.

Websites that run scripts and file downloads such as video codecs are common ways that a Trojan may enter your system. Adobe Flash ActiveScripts is a familiar form of a script that can spread a Trojan, especially with the many Flash-based websites found on the internet today.

Hackers wish to make money any way that they can. Trojan infections are becoming more dangerous and are starting to sneak more malicious files or software onto computers all over the world.

Written by Valentino on August 1st, 2008 with no comments.
