Don't click that headline, security researchers warn

A flood of e-mails pretending to be from MSNBC contain links to malicious software, security companies warned Wednesday.

According to an MX Lab blog post, subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into prep school, hundreds of kids killed"; "Please give your opinions for change"; and "US Dollar hits 6-year high, further gains expected."

The Web address http://breakingnews.msnbc.com is valid if you type it into your browser; however, clicking the link within the body of the e-mail will take you to another site entirely. The bogus site will then ask you to download a Flash video file. It is the file adobe_flash.exe that contains a malicious Trojan horse.

Sophos and Websense also issued warnings about the e-mails. Earlier this month, Sophos warned that fake CNN Top Ten e-mails contained a similar Trojan horse. In 2006, the BBC was used in a similar attack.

Disclosure: CNET News is published by CBS Interactive, a unit of CBS.

[professionaladventurer]

A look in my spam folder shows hundreds of emails with the subject of CNN - top 10 all fake, but if it's MSNBC it news?

[`WarpKat]

Uh...sorry, C-Net - this has been going on for a few months already. When you have news about tomorrow, THEN I'll be impressed.

[noitis]

You missed the biggest rip. I got the MSNBC news alert as soon as I clicked on it--AntiVirus XP2008 a rogue anti virus monster took over my laptop. None of my security/virus software caught the 2-trojans and a slew of parasites and a worm/nuvan. AVG after 4-6-hours got the Trojans and some back-door Trojans. The problem is AntiVirus XP2008 took my screen saver/slowed the laptop to a crawl and all of the malware/spyware can't get rid of it--entirely. Why hasn't anyone stopped this rogue antivirus xp2008 from its nefarious activities. They lay their eggs and want you to pay $59 to get rid of them. Any suggestions.

[indnajns]

Re: noitis
If that's the one that sticks the blue/yellow warning on your desktop, try Super Anti-Spyware (www.superantispyware.com). It seemed to be the only thing that would get that off my machine, and that was after three days of trying all the "known fixes" I could find. Free removal, they do take donations and have a pro version. Definately worth it.

[Vurk]

Use a different AV program in safe mode. Anti-vir (www.free-av.com) is good with detection and will install in safe mode, where others (who use the Microsoft installer .msi) wont.