There is a massive spam attack underway masquerading as messages from CNN.com. The first set of messages had links to the “Top 10 Headlines” and “Top 10 Videos”; now there are new variations presenting a “custom news alert.” Clicking on any link in the messages will bring up a dialog that says an incorrect version of Flash Player has been detected that needs to be updated to a newer edition.
You will be caught in an endless loop – if you click “Cancel” another box will immediately appear, over and over. The only way to get out is to force your browser to close with Task Manager, or shut down your computer.
If you click OK, malware is installed. You will immediately get a blizzard of popups, advertisements for fake “antivirus” software, and the likelihood that something more sinister is happening on your computer behind the scenes. It is increasingly difficult or impossible to remove this stuff once it gets on your computer!
At the malicious web sites, you’ll see something like this:
Antivirus software will not always protect you against malware if you click OK at the wrong time! Sorry, that’s just the way it is.
Here’s an article about the spam blitz. Links to the malicious web sites are also being left in comments on MySpace and Facebook, according to this article.
Don’t click on strange URLs! Follow links with carefree abandon to and from legitimate sites, but don’t click on links that arrive in spam e-mail, instant messages, web forums, or IRC chats, or that start from an untrustworthy web site. Be paranoid and surf carefully!
