Massive faux-CNN spam blitz uses legit sites to deliver fake Flash

More than 1,000 hacked sites serving up phony update; Adobe issues warning

August 6, 2008 (Computerworld) More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today.

The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Denver-based security company MX Logic Inc.

Read the whole story here.

-Ken