This Phish Isn’t Biting

As I checked my email inbox this afternoon, I discovered an email which was supposedly sent from CNN. The subject line was CNN Alerts: My Custom Alert. The problem is, I’ve never configured custom alerts on the CNN webpage. However, the email looks very legitimate and I almost clicked on the links until I noticed that the FULL STORY link points to a site other than CNN. Check out this screenshot.

I’ve never received a phishing email which has appeared to originate from CNN. I’ve received similar looking emails from PayPal, eBay, Chase Bank, Bank of America, etc. They almost fooled me on this attempt.

The funny thing is, when I typed in the URL of the full story link into Google, I checked out the search result for the McAfee Site Advisor and according to them, the site is just fine, no significant problems found.

Here is what I find disturbing. How many people do you think may have been as careful as I was with this link and checked out the site advisor page, only to see that there were not any problems associated with the site, and thus went ahead and clicked on the link? Thankfully, the comments section of the McAfee post filled me in on the details:

“…didn’t find any significant problems.” Better look harder!!!
CNN.com Daily Top 10 spam has disguised links to <http://www.blackhawkk9.com/cnntop.html> concerning which:
DANGEROUS: LinkScanner Online has found [Trojan Fake Codec]
Yeah, as well as clicking the fake link of your choice they want you to download a trojan loader, submit your machine to a botnet and further their aims to rule the observable universe (nice work if you can get it).

Name: blackhawkk9.com
Address: 68.178.211.52
(Owned by GoDaddy.com Inc)
Nameservers:
ns17.domaincontrol.com 64.202.165
ns18.domaincontrol.com 208.109.255.9

Registrar: GoDaddy.com Inc

Also, I sent word about this email on Twitter and many other people have reported receiving the same thing.

Word of warning, do not click on the links within this email. Immediately send it to the trash bin or your spam folder or simply delete it. Although this email smelled phishy, this phish almost took the bait.

17 thoughts on “This Phish Isn’t Biting”

  1. I use Gmail, and a similar message went to my spam folder as well. The link did not point to the same domain though. It was a .ch domain which I’m not going to name. I have a feeling these are sites that have been hacked, since there are multiple domains being used.


  2. And another one.. now pointing to a .ru domain. However, browsing to it using Firefox resulted in the following:

    Safe Browsing
    Diagnostic page for westprint.ru/

    What is the current listing status for westprint.ru/?

    Site is listed as suspicious – visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 97 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 08/08/2008, and the last time suspicious content was found on this site was on 07/15/2008.

    Malicious software includes 8 scripting exploit(s), 8 trojan(s). Successful infection resulted in an average of 11 new processes on the target machine.

    Malicious software is hosted on 10 domain(s), including 1-2times.com, neiron2009.com, p0rn-movies.com.

    6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including dreamtds.info, p0rn-movies.com, ruoo.info.

    Very nice these kind of tools ;)

  3. Trisha says:

    I received a bunch of these as well, to several different addresses I use, including a couple of auto-responder addresses! Like you I knew I had never configured any settings or preferences at CNN, nor had I ever given them any of my addresses, so I knew right away something wasn’t right. Even though their links were cleverly disguised, a quick peek at the raw source of the messages showed me the true URLs, so I forwarded them to a few spam-reporting services. I also sent a message to CNN to let them know their brand was being abused – perhaps if they could get the word out to be aware of it, fewer people would fall for it. I doubt that they will, but who knows….

    But I’m glad you posted this – it’s a good reminder to us all that we really need a much wider discussion of the underlying problem – that “email” needs a massive overhaul to rid us of this enormous problem of spam. I don’t know the best solution – pay for sending, sender identification, death to spammers – but I’m certainly willing to participate in both a discussion and whatever solution(s) are put forward. And I do think at the very least there needs to be some kind of legislation to force ISPs to reconfigure any mail servers that still allow open-relay service. You’d be amazed at how many there are out there – if there were some penalty they’d get off their lazy butts and fix that gaping hole.

  4. EngieViral says:

    Yeah, Gmail is good at detecting this email as spam.

    On Tuesday 5th August we had about 50 people open a CNN headlines email and follow a link. They all got infected with a virus that appears to have some spyware and maybe a keylogger attached.

    The virus installed spyware claiming to be “XP Antivirus 2008” (and also perhaps “XP Antispyware 2008”) and tells the user that they have thousands of infected files on their computer and to remove them they need to buy the “full version” of the software.

    It’s funny how you mentioned that McAfee said the site was fine. We have been working with them for a week now and they still haven’t come up with a fix for more than 1 or 2 of the components and we are getting sick with dealing with people in Bangalore (no, seriously the emails we have been receiving from McAfee have had Bangalore in the signature!).

    – Engie

  5. I got several of these emails claiming to be CNN. I guess there is one good thing about being a conservative is that I do not trust anything that CNN says, so I deleted the emails. Good thing it wasn’t FoxNews or I would have been fooled. Great website, I just found your WordPress weekly podcasts. I am going through all of them and I know it will be a downer when I get to the last one. I am a newbie to WordPress and this is pretty much my first comment. So you just busted my cherry.

    Keep up the good work.

  6. Just a few comments on the WordPress weekly podcast. I commute to work 75 miles each way every day. So I have around 3 hours of free time on my hands 5 days a week. I started with XM radio and that is awesome, but my kids got me a Zune for Father’s Day. Again my drive is now better because I have what seems like unlimited choices in entertainment. I stumbled onto podcasts (I am a talk radio junkie), so podcasts were like beer to me, I just couldn’t get enough. I had heard Leo Laporte on XM, so I searched for his podcast. At the same time I was revamping my website, transitioning from using MS Frontpage to the Zen Cart e-commerce package. Leo said something about WordPress and I thought adding a blog to my site might help with some additional traffic. As of 3 weeks ago I had no idea about WordPress, but now that I have found your podcasts, I am becoming a junkie. I am going slow, probably will wait to add the blog at the beginning of the year. I have gone back to the beginning of your podcasts and I am now on episode 15. The interview with Lorelle was awesome, I realize it is all about content. So I am getting my ideas together so I can add content two to three times a week for 52 weeks. I am still trying to narrow down my interests but I feel being prepared is more important than just putting up a blog site that does nothing.

    WP Weekly format – I like the roundtable discussion, but not combined with the interview, gets to be too long and everyone steps on each other. Your interview skills are awesome, you ask poignant questions, but watch out agreeing with your interviewee too much. Example, the small potato interview concerning his theme club marketing strategy was kind of weak, it would work but he needed to charge more money. You can’t give your work away for free and expect to survive. I think it was Nathan who commented on the marketing strategy and he hit it dead on and I could tell your bubble was burst concerning small potato’s strategy. But it is all good. You are very good at this and you should continue. Thank you for the hard work and great info. I hope the show comes back.
