[SecurityRatty] tag: cnn

CNN, MSNBC Spammers Downgrading Their EMails

Sun, 17 Aug 2008 12:00:10 +0000

This is pretty interesting. After a week or two of seeing CNN spam, then MSNBC spam (both of which allude to "breaking news stories" in order to get peoples attention), it seems the people behind those attacks are now sending out plain emails (with none of the allusions to being from major news networks) that simply say "BREAKING news" in the title field:

If you visit the link in the email, you'll see this:

Click to Enlarge

I don't believe I've seen the length, rating and viewcount under the video before so that's likely a new tactic they've employed. Looks like they need to hire a spellchecker though...

Who's Behind the Georgia Cyber Attacks?

Thu, 14 Aug 2008 06:16:34 +0000

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate most, it's lowering down the quality of the discussion I hate the most. Even if you're excluding all the factual evidence (Coordinated Russia vs Georgia cyber attack in progress), common sense must prevail.

Sometimes, the degree of incompetence can in fact be pretty entertaining, and greatly explains why certain countries are lacking behind others with years in their inability to understand the rules of information warfare, or the basic premise of unrestricted warfare, that there are no rules on how to achieve your objectives.

So who's behind the Georgia cyber attacks, encompassing of plain simple ping floods, web site defacements, to sustained DDoS attacks, which no matter the fact that Geogia has switched hosting location to the U.S remain ongoing? It's Russia's self-mobilizing cyber militia, the product of a collectivist society having the capacity to wage cyber wars and literally dictating the rhythm in this space. What is militia anyway :

"civilians trained as soldiers but not part of the regular army; the entire body of physically fit civilians eligible by law for military service; a military force composed of ordinary citizens to provide defense, emergency law enforcement, or paramilitary service, in times of emergency; without being paid a regular salary or committed to a fixed term of service; an army of trained civilians, which may be an official reserve army, called upon in time of need; the national police force of a country; the entire able-bodied population of a state; or a private force, not under government control; An army or paramilitary group comprised of citizens to serve in times of emergency"

Next to the "blame the Russian Business Network for the lack of large scale implementation of DNSSEC" mentality, certain news articles also try to wrongly imply that there's no Russian connection in these attacks, and that the attacks are not "state-sponsored", making it look like that there should be a considerable amount of investment made into these attacks, and that the Russian government has the final word on whether or not its DDoS capabilities empowered citizens should launch any attacks or not. In reality, the only thing the Russian government was asking itself during these attacks was "why didn't they start the attacks earlier?!".

Thankfully, there are some visionary folks out there understanding the situation. Last year, I asked the following question - What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of view? and some of the possible answers still fully apply in this situation :

- It was a Russian government-sponsored hacktivism, or shall we say a government-tolerated one

- Too much media hype over a sustained ICMP flood, given the publicly obtained statistics of the network traffic

- Certain individuals of the collectivist Russian society, botnet masters for instance, were automatically recruited based on a nationalism sentiments so that they basically forwarded some of their bandwidth to key web servers

- In order to generate more noise, DIY DoS tools were distributed to the masses so that no one would ever know who's really behind the attacks

- Don't know who did it, but I can assure you my kid was playing !synflood at that time

- Offended by the not so well coordinated removal of the Soviet statue, Russian oligarchs felt the need to send back a signal but naturally lacking any DDoS capabilities, basically outsourced the DDoS attacks

- A foreign intelligence agency twisting the reality and engineering cyber warfare tensions did it, while taking advantage of the momentum and the overall public perception that noone else but the affected Russia could be behind the attacks

- I hate scenario building, reminds me of my academic years, however, yours are pretty good which doesn't necessarily mean I actually care who did it, and pssst - it's not cyberwar, as in cyberwar you have two parties with virtual engagement points, in this case it was bandwidth domination by whoever did it over the other. A virtual shock and awe

- I stopped following the news story by the time every reporter dubbed it the first cyber war, and started following it again when the word hacktivism started gaining popularity. So, hacktivists did it to virtually state their political preferences

Departamental cyber warfare would never reach the flexibity state of people's information warfare where everyone is a cyber warrior given he's empowered with access to the right tools at a particular moment in time.

Related posts:
People's Information Warfare Concept
Combating Unrestricted Warfare
The Cyber Storm II Cyber Exercise
Chinese Hacktivists Waging People's Information Warfare Against CNN
The DDoS Attacks Against CNN.com
China's Cyber Espionage Ambitions
North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Malware Infected Hosts as Stepping Stones

Hacktivism Tensions - Israel vs Palestine Cyberwars

The Current, Emerging, and Future State of Hacktivism

Internet PSYOPS - Psychological Operations

A Change of Plan For Your Spam

Wed, 13 Aug 2008 11:42:23 +0000

Someone really has to reign me in with these titles. Anyway, you may or may not have heard that the CNN spam mails have now morphed into mails that appear to come from Msnbc.com instead. The titles of the emails are still as insane as ever:

......uh, wow. The email will take you to a fake Flash download, just like the previous efforts:

Click to Enlarge

Obviously, they haven't gotten around to making fake Msnbc pages so for now we're still stuck with the fake CNN pages.

An odd side-effect of these emails is that they're likely lowering subscriber numbers for CNN and Msnbc, because the emails contain genuine unsubscribe links at the bottom:

I doubt the creators of these scam mails intended that - they're just wanting to make the mails look realistic - but I could imagine disgruntled subscribers wondering why CNN and Msnbc keep sending them these things then reaching for the "no more, please!" link...

Hackers spoof MSNBC alerts in new twist on massive malware ruse

Wed, 13 Aug 2008 09:00:00 +0000

A group of hackers that last week was touting CNN to distribute malware this week changed its message to push stories said to be from rival network MSNBC.

Hackers spoof MSNBC alerts in new twist on malware ruse

Tue, 12 Aug 2008 20:00:00 +0000

Hackers trying to plant malware on PCs have switched from touting CNN news in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today.

CNN Custom Alerts Spam

Sun, 10 Aug 2008 13:28:40 +0000

In general, my anti-spam filters and tools are pretty effective. So when I start to see something like this....

....it's obvious that a huge spam wave is underway. These are, of course, related to the fake CNN Spam from a few days ago. Here, the emails take the form of "custom alerts":

Click to Enlarge

I've seen two types of this mail - one links to a genuine CNN article from the headline text (with the smaller link underneath leading to an infection site), the other simply links to the infection site from both clickable links. As before, deleting these Emails is the best course of action. Interestingly, the format of these mails might not be working to the spammers advantage. Lots of people I've talked to who had one of these mails sent through simply deleted them without a second thought, thinking it was merely something on the real CNN they thought they'd signed up to and didn't actually want.

Fake IE7 Downloads Advertised Via EMail

Thu, 07 Aug 2008 10:56:21 +0000

There seem to be quite a few of these in circulation over the past day or so:

Download the latest version!

About this mailing:
You are receiving this e-mail because you subscribed to
MSN Featured Offers. Microsoft respects your privacy.
If you do not wish to receive this MSN Featured Offers e-mail,
please click the "Unsubscribe" link below. This will not
unsubscribe you from e-mail communications from third-party
advertisers that may appear in MSN Feature Offers.
This shall not constitute an offer by MSN. MSN shall
not be responsible or liable for the advertisers' content
nor any of the goods or service advertised. Prices and item
availability subject to change without notice.

2008 Microsoft | Unsubscribe |
More Newsletters |
Privacy

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

As you might have guessed, it's fake. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites. This:

....is not what it appears to be. Run the file, and instead of IE7, you're actually more likely to see a fake antivirus program appear on your desktop:

Click to Enlarge

This particular fake AV is also being pushed quite heavily via the recent CNN videos scam. You can see another example of these emails here. There is more than one URL being used for this attack, so be alert!

Massive Spam Campaign Spreads False CNN News Items With Fake Flash Player Malware

Thu, 07 Aug 2008 05:28:44 +0000

Known social engineering tactic involving Adobe Flash Player is exploited in currently active malware campaign. Spammed user is encouraged to click on a site with a fake news item in order to install a fake Flash player update (file names might be flashupdate.exe, get_flash_update.exe, watchmovie.mpg.exe). If user clicks “Cancel” in the dialog that prompts for [...]

Massive faux-CNN spam blitz uses legit sites to deliver fake Flash

Wed, 06 Aug 2008 09:00:00 +0000

More than 1,000 hacked Web sites are serving up fake Flash Player software to users as part of a massive spam attack designed to look like CNN.com news notifications, security researchers said today.

CNN Daily Top 10 Videos Spam

Tue, 05 Aug 2008 14:50:01 +0000

Like me, you've probably had quite a few "CNN Top 10" emails through over the last day or so. Here's just two of the many, many mails I've had through to various mailboxes:

If you opened up any of the mails, you'd have seen this:

Click to Enlarge

The first clue that something might have been amiss is the strangeness of some of the titles ("Michael Jackson sued by his own dog" isn't something I'd expect to see on CNN, at least not yet). Of course, the giveaway is that regardless of what link you click on, each one takes you to a website that isn't CNN.com - in fact, they all point to the same "video".

Click to Enlarge

If you download and install the file offered up, horrible things will start happening to your PC. Let's put it this way - anyone expecting to see Michael Jacksons dog in a courtroom is going to be severely disappointed.

Before long, your desktop will look like this:

Click to Enlarge

You'll have warnings like these:

And a rogue antivirus product will magically appear on your desktop:

Click to Enlarge

Worst of all, look at the name of one of the fake infections they try to scare the user with.

There's subtlety, then there's this:

....if you want to avoid your computer contributing to the "terrorist threat", don't open up any emails claiming to contain CNN videos.

Even if its Michael Jackson and his dog.