Holy CNN scam batman
ratbuddy
08-11-08, 01:39 PM
I only had a couple of these in the past week, checked email today and holy crow. I clicked a few to see what domain they lead to, and it's all different ones, with the common thread being the attack page is 'cnnvid.html' ..
Wonder who's responsible, gotta be organized crime somewhere for sure.
Yeah, my work mail and my gmail accounts have been getting slammed by them. They get caught by the spam filter, but there are a lot of them. We even had to issue a mail to our users to let them know they weren't real.
Mr.Guvernment
08-11-08, 02:09 PM
spoofing, not too hard :)
You clicked the links in those emails? Why on earth would you do that?
Adragontattoo
08-11-08, 02:49 PM
I have literally made a form that auto-replies to users asking about these emails.
Hi,
It is SPAM, we are aware of the amount of it. They are NOT legitimate emails, please do not click on the links.
We are working with our SPAM filtering providers to block these emails without impeding legitimate emails.
Thanks,
Jeff
I have literally made a form that auto-replies to users asking about these emails.
Hi,
It is SPAM, we are aware of the amount of it. They are NOT legitimate emails, please do not click on the links.
We are working with our SPAM filtering providers to block these emails without impeding legitimate emails.
Thanks,
Jeff
Haha..
ratbuddy
08-11-08, 05:30 PM
You clicked the links in those emails? Why on earth would you do that?
No, I clicked the emails and viewed the source to see where they are trying to take me. I could click the links, my machine is secure, just no need, since I already know what they're trying to do.
mbentley
08-12-08, 11:58 AM
I got one of those... it said "danica patrick killed in nascar testing session". Too bad it was Sunday, otherwise it might have been remotely believable :rolleyes:
I received one and the rest have been automatically blocked by Exchange.
ratbuddy
08-13-08, 09:22 AM
Got one this morning in a similar pattern but from 'MSNBC.com' with a different threat URL, this time http://gallinaspuras.com.ar/up.html - possibly the same attack renamed, possibly something new. Don't click that unless you are sure of your security, of course.
VinnyTAMU
08-13-08, 10:18 AM
Here is the header (my info removed):
Date: Sat, 09 Aug 2008 06:02:17 CDT
To: **********
From: CNN Alerts <ausputze1983@cw-eng.com>
Subject: CNN Alerts: My Custom Alert
From ************** Sat Aug 9 06:02:23 2008
Return-Path: <***********>
Delivered-To: *****************
Reply-To: ausputze1983@cw-eng.com
MIME-version: 1.0
X-Virus-Scanned: amavisd-new at ********
X-PerlMx-Spam: Gauge=XXXXXXXXXIIIIIIIII, Probability=99%,
Report=[BAYES_95=3, HELO_DYNAMIC_SPLIT_IP=2.191, HTML_IMAGE_ONLY_32=1.052,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.875, MSGID_FROM_MTA_ID=1.393]
X-Spam-Status: Yes, score=8.512 tagged_above=2.3 required=5 [BAYES_95=3,
HELO_DYNAMIC_SPLIT_IP=2.191, HTML_IMAGE_ONLY_32=1.052, HTML_MESSAGE=0.001,
MIME_HTML_ONLY=0.875, MSGID_FROM_MTA_ID=1.393]
X-Spam-Score: 8.512
X-Spam-Level: XXXXXXXX
X-Spam-Flag: YES
X-Filter-Category: faq
X-Loop: ****************
Sender: ******************
Content:
<html>
<head>
<title>CNN Alerts: My Custom Alert</title>
<style type="text/css">
<!--
.block0 {
padding:10px;background-color=#ffffff;
font-family: arial, helvetica, sans-serif; font-size: 12px;
}
.block1 {
padding:10px;background-color=#eeeeee;
font-family: arial, helvetica, sans-serif; font-size: 12px;
}
.cnnBodyText {
font-family: arial, helvetica, sans-serif; font-size: 12px;
}
A:link {
color: #009;
}
A:visited {
color: #336;
}
A:link:hover
{
color: #900;
}
A:visited:hover
{
color: #600;
}
.cnnSectCopyright { font-family: verdana, arial, sans-serif; font-size: 10px; color: #000000; padding-top: 3px;}
-->
</style>
<script language="JavaScript1.1" src="http://ar.atwola.com/file/adsWrapper.js"></script>
<style type="text/css">
<!--
.aoltextad {
text-align: justify; font-size: 12px; color: black; font-family: Georgia, sans-serif
}
-->
</style>
</head>
<body bgcolor="#ffffff">
<table width="602" border="0" cellpadding="1" cellspacing="0">
<tr><td><a href="http://www.cnn.com/"><img src="http://i.a.cnn.net/cnn/.element/img/1.0/logo/cnn.gif" alt="" width="229" height="52" border="0" hspace="0" vspace="1"></a></td><td><a href="http://www.cnn.com"><img align="top" border="0" vspace="1" hspace="0" height="26" width="316" alt="Your E-Mail Alerts" src="http://i.a.cnn.net/cnn/.element/img/1.0/alerts/alerts_header.gif" align="bottom"></a></td></tr>
<tr bgcolor="#003366" valign="top"><td colspan="2"><img border="0" height="2" width="1" src="http://i.cnn.net/cnn/images/1.gif"></td></tr>
<tr>
<td class="cnnBodyText" colspan="2">
<div class="block0">
<b>Alert Name:</b> My Custom Alert<br><br>
<a href='http://www.browsetomy.gmxhome.de/cnn.html'><b>Barack Obama makes gay confession</b></a><br>
Sat, 9 Aug 2008 13:02:19 +0200<br>
<br>
<b><a href="http://www.browsetomy.gmxhome.de/cnn.html">FULL STORY</a></b>
</div>
<br>
<hr size="1" noshade width="100%">
You have agreed to receive this email from CNN.com as a result of your CNN.com preference settings.<br>
To manage your settings click <a href="http://audience.cnn.com/services/cnn/memberservices/member_auth.jsp?url=http%3A%2F%2Faudience.cnn.com%2Fservices%2Fcnn%2Fmemberservices%2Fregwall%2Fmember_profile.jsp%3Fsource%3Dcnn">here</a>.<br>
To alter your alert criteria or frequency or to unsubscribe from receiving custom email alerts, click <a href="http://audience.cnn.com/services/cnn/alerts/manageAlerts.jsp?source=cnn">here</a>.<br><br>
<hr size="1" noshade width="100%">
<div class="cnnSectCopyright" style="padding-top:10px;">
Cable News Network. One CNN Center, Atlanta, Georgia 30303<br>
<b>© 2008 Cable News Network.</b><br>
A Time Warner Company<br>
All Rights Reserved.<br>
View our <a href="http://www.cnn.com/privacy.html">privacy policy</a> and <a href="http://www.cnn.com/interactive_legal.html">terms</a>.
</div>
</td>
</tr>
</table>
</body>
</html>
dig:
******@******* [~]$ dig cw-eng.com
; <<>> DiG 9.3.3 <<>> cw-eng.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64873
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;cw-eng.com. IN A
;; ANSWER SECTION:
cw-eng.com. 3600 IN A 66.11.73.220
;; AUTHORITY SECTION:
cw-eng.com. 3600 IN NS ns1.terago.ca.
cw-eng.com. 3600 IN NS ns2.terago.ca.
;; ADDITIONAL SECTION:
ns1.terago.ca. 3600 IN A 207.54.98.225
ns2.terago.ca. 3600 IN A 207.54.98.226
;; Query time: 154 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 13 10:20:16 2008
;; MSG SIZE rcvd: 121
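Added example, not part of VinnyTAMU's post: a check for the two mismatches visible in the message quoted above, a "CNN Alerts" display name on a non-CNN sender address and story links that leave CNN's domains while the logo and footer links do not. The sample message is constructed from lines in that post, and the brand-to-domain table is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the brand legitimately sends from and links to.
BRAND_DOMAINS = {"cnn": ("cnn.com", "cnn.net")}

# Constructed sample, trimmed from the header and body quoted in the post.
SAMPLE = """\
From: CNN Alerts <ausputze1983@cw-eng.com>
Subject: CNN Alerts: My Custom Alert
MIME-Version: 1.0
Content-Type: text/html

<html><body>
<a href="http://www.cnn.com/"><img src="http://i.a.cnn.net/cnn/.element/img/1.0/logo/cnn.gif"></a>
<b><a href='http://www.browsetomy.gmxhome.de/cnn.html'>FULL STORY</a></b>
<a href="http://www.cnn.com/privacy.html">privacy policy</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domains(host, domains):
    # Exact match or true subdomain; "notcnn.com" must not match "cnn.com".
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # message does not claim to be from this brand
        sender_host = addr.rpartition("@")[2]
        if not in_domains(sender_host, domains):
            findings.append(("sender_mismatch", sender_host))
        collector = LinkCollector()
        collector.feed(msg.get_payload())
        findings += [("offbrand_link", urlparse(h).hostname)
                     for h in collector.hrefs
                     if not in_domains(urlparse(h).hostname, domains)]
    return findings
```

Nothing is fetched or resolved; the check only reads the message text, so it can run on mail pulled from a quarantine folder.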
Mother Goose
08-13-08, 02:11 PM
With gmail, I barely notice SPAM anymore. I just click the spam button and the delete-all when I'm feeling bored.
Dj Spiel
08-20-08, 01:34 PM
spam sucks! gmail has the best spam filter I have seen tho
DUSNOETOS
08-20-08, 09:56 PM
When did bad people stop writing Cool (perspectively speaking) viruses and start sending out crap-loads of spam and spy-ware? Any for who.
I have not seen those spam mails before...I use MSN Premium (not the greatest but it came packaged with my Qwest DSL...)
.........the only time I ever had a Virus on one of my computers is when I purposely infected the machine my wife uses because we were having an extended argument....(don't even remember what the fight was about......)
Sorry for getting off topic...My new baby has me sleep deprived and I am slap happy...:screwy:
ratbuddy
08-23-08, 09:06 AM
Nice, today I have one with subject "Angelina's Newborn Twins Marry Each Other"
Yesterday fully half of the spam had "Paris Hilton" in the subject..
:rolleyes:
Mother Goose
08-23-08, 09:34 AM
No, I clicked the emails and viewed the source to see where they are trying to take me. I could click the links, my machine is secure, just no need, since I already know what they're trying to do.
How do you ensure your machine is secure?
Also, won't clicking the links somehow alert the spammer to the fact that the e-mail is active?
ratbuddy
08-23-08, 10:36 AM
How do you ensure your machine is secure?
Also, won't clicking the links somehow alert the spammer to the fact that the e-mail is active?
No, they are just blind links, no extra tracking information. I ensure the machine is secure by keeping my antivirus and spyware protections up to date, installing all critical patches, and disabling scripting :) Not too hard..