Last Updated: 2008-08-05 00:45:33 UTC
by Daniel Wesemann (Version: 1)
If you missed last week's chance to get your "airplane ticket", you currently have a second opportunity. Emails are making the rounds that claim to come from CNN, and carry a subject of "CNN.com Daily Top 10". Well, they are neither. But the emails contain click-friendly headlines with enticing subjects like "Will all Americans be obese by 2030?" Now who wouldn't want to read THAT?!
Clicking takes you to the netherworld, of course. You currently receive a file called "get_flash_update.exe" (yeah, sure!). Detection for the sample is coming online; see http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945
The domain "idoo .com" seems to be up to no good. Other involved domains are too numerous to list, but about 50 of them currently resolve to 18.104.22.168. That's in Panama.