Don't click that headline, security researchers warn

E-mails pretending to contain video from MSNBC have links to malicious software, security companies are reporting.

A flood of e-mails pretending to be from MSNBC contain links to malicious software, security companies warned Wednesday.

According to an MX Lab blog post, subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into prep school, hundreds of kids killed"; "Please give your opinions for change"; and "US Dollar hits 6-year high, further gains expected."

The Web address http://breakingnews.msnbc.com is valid if you type it into your browser; however, clicking the link within the body of the e-mail will take you to another site entirely. The bogus site will then ask you to download a Flash video file. It is the file adobe_flash.exe that contains a malicious Trojan horse.

Sophos and Websense also issued warnings about the e-mails. Earlier this month, Sophos warned that fake CNN Top Ten e-mails contained a similar Trojan horse. In 2006, the BBC was used in a similar attack.

Disclosure: CNET News is published by CBS Interactive, a unit of CBS.

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)
    Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
    CNET's 15 favorite How Tos of 2014