Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: 'CNN - My Custom Alert' SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
'CNN - My Custom Alert'

Thanks to our readers for letting us know that they are receiving a good amount of some very authentic looking phishing spam.  Although the email appears to be from CNN again, the origination address is not even obfuscated. ISC Handler, Daniel had written a story about the "CNN - Top Ten" storm worm a few days ago.

These sort of emails have one big thing going for them.  The ability to get that user to click.  The CNN brand is trusted and recognized by almost all of our users.  Anyone seeing this email may not think twice about clicking on the link unless we tell them not to.  What a great opportunity for user training.  Send out a short Security Awareness Email to your users and explain to them what it really happening.  Ask them to tell their kids too. 

Far too many people are making this a very profitable way for cyber-criminals to make money.   Try to help your end users understand how to spot a fraudulent email address, how to dissect a domain name and find a masked url address.  Just think about all the infections and exploitations you may prevent.

For more information see the Anti-Phishing Working Group website.

Mari Nichols

76 Posts
Aug 8th 2008
This one's also still the botnet (i.e. the same people as the " Top 10") -- the same group of IPs abruptly stopped sending Top 10 and started sending Custom Alert at midnight California time. The linked sites are the same hijacked servers, and the landing pages have the identical JS-obfuscated content I deconstructed yesterday.

(As always, the hour's current data is at
You can read in detail.

Sign Up for Free or Log In to start participating in the conversation!