CNN Storm Spam

My inbox is being inundated with spam that purports to be CNN.Com news alerts. The emails are actually phishing attempts to trick people into downloading the latest Storm Worm.

From Sans here:

The CNN brand is trusted and recognized by almost all of our users. Anyone seeing this email may not think twice about clicking on the link unless we tell them not to.

Another thing about these spam emails is that, because it looks like CNN.Com, it bypasses many spam filters. And the email alerts have morphed over the past few days. At first the emails were a top ten story list as pictured here.

Now the emails look like they are alerts on topic keywords as pictured here:

You can see in each picture that the actual URL of the links are the phishing site hosting the malware, which is the easiest way to spot that these are fake emails.

This spam flood is also a direct attack on CNN’s brand, and this kind of attack is difficult to defend against. One way of defending against this is to allow subscribers to create a custom stamp on the emails they receive to certify that the emails are from the actual source meant for them. For instance, each email could have a custom icon chosen by the subscriber, and a caption of that icon would be a key word supplied by the user at the time he subscribes. For example, one icon among 20 could be selected of a frisbee and a keyword of applepie could be supplied as input. This way any email from this company intended for this user that does not have both the frisbee and the applepie caption is probably fraudulent.