Don't click that headline, security researchers warn

E-mails pretending to contain video from MSNBC have links to malicious software, security companies are reporting.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Aug. 13, 2008 4:20 p.m. PT

<="" p="">

A flood of e-mails pretending to be from MSNBC contain links to malicious software, security companies warned Wednesday.

According to an MX Lab blog post, subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into prep school, hundreds of kids killed"; "Please give your opinions for change"; and "US Dollar hits 6-year high, further gains expected."

The Web address http://breakingnews.msnbc.com is valid if you type it into your browser; however, clicking the link within the body of the e-mail will take you to another site entirely. The bogus site will then ask you to download a Flash video file. It is the file adobe_flash.exe that contains a malicious Trojan horse.

Sophos and Websense also issued warnings about the e-mails. Earlier this month, Sophos warned that fake CNN Top Ten e-mails contained a similar Trojan horse. In 2006, the BBC was used in a similar attack.

Disclosure: CNET News is published by CBS Interactive, a unit of CBS.