Update: Fake-CNN spam mutates as attacks continue<P id=first_paragraph>August 8, 2008 (Computerworld) The massive attack that has infected PCs by tricking users into clicking links in fake messages from CNN.com shows little sign of ending soon, security researchers said Friday.

According to MX Logic Inc., spam posing as CNN.com Top 10 lists peaked at close to 11 million messages per hour early Thursday, but remained at high volumes throughout the day Friday. The Colorado security vendor said it had been tracking an average of 8 million messages per hour since midnight.

MX Logic's vice president of information security, Sam Masiello, called the trend "a very slow, but steady decline" from the 11 a.m. Mountain Time peak the day before.

Masiello also said that the spam has changed since attacks were first launched on Tuesday. "We've also seen several morphs of this spam over the past couple of days," he said in an entry posted on the MX Logic blog Friday. Where the messages once trumpeted "CNN.com Daily Top 10" in the subject heading and linked to a single filename on malware-hosting sites, now the spam sports a subject reading "CNN Alerts: My Custom Alert" and uses a variety of filenames in the malicious URL.

"This is likely in response to all of the media attention and awareness that has been brought up over the past couple of days," Masiello speculated.

Also on Friday, Websense Inc. reported that its researchers had seen the attack mutating, with the spam subject heading not only touting "CNN Alerts: My Custom Alert," but also using legitimate news stories culled from CNN to make the messages more convincing.



http://www.computerworld.com/action/...icleId=9112138