I've been getting these all week long – but never bothered to open any of them. Based on the multiple sources in the extended header, they're clearly SPAM. Just an annoyance, I don't think CNN needs to worry about anybody being fooled.

I've been getting these SPAM messages for about a week now. Somehow I knew them to be SPAM. Thanks for alerting us to them.

Is there any way to STOP these fraudelent emails saying they are from CNN Daily Top 10?

Be aware: the spammers have now switched to using the following:
CNN Alerts: My Custom Alerts

Good warning. The folks at SANS warned about this the other day.

As we see here:

http://isc.sans.org/diary.html?storyid=4837

Again from SANS

http://isc.sans.org/diary.html?storyid=4841

Vijay is correct..

Never click on any link in an email without examining the header.
Safer yet? Just dump the email.

I got this spam and immediately knew it was phony because it came to my work e-mail. I never give out my work e-mail for anything not directly work related.

I, too, have been receiving these "CNN Top 10" spams. At first, I thought they were legit, and I even tried to click open one of the stories. However, I was unable to link to it, and furthermore, my virus block from Norton block it, saying that it was a high risk link which could only mean that it contains a virus of some sort. One link even said, "Air Force One crashes in Iraq." That made me suspicous.

I mark them as spam and will do so from now on.

I had a client today who clicked on a link in one of these emails and was quickly infected with malware. The file that infected him was hosted on an ru domain and was named adobe_flash.exe. It hijacked his desktop. We have now gotten it removed but I don't think he'll ever click a link again.

Charlotte, you obviously don't deal with too many computer users. Not everyone understands the spoofing of email addresses no matter how many times you tell them to be careful. This one was obvious if he'd only moved his mouse over the link and looked at it before clicking.

The one I got said that Nicholas Cage died in a freak accident. I just wanted to come here and verify that it was spam, and low and behold, it is. Thanks for informing us of this, and GMail did it's job too.

I had a momentary lapse in judgment and clicked one of the links. It installed a malware bug claiming to be a spyware cleaner. It took a google search and a half hour to get rid of it. DELETE DELETE DELETE

It wasn't ONE email...... I have been getting several per day for days. It's very obvious the email isn't from CNN however since the "From" address shows a variety of domain names, none of which are CNN.

It's not just spam - it is a distributed Trojan. CNN needs to do what they can to hunt the scumbag down who is sending the virus out and beat the crap out of him.

Several of my users received this spam. It's actually an auto-generated piece of malware that simply uses the CNN news listing to evade spam filters while it sends out copies of the Mal/EncPk malware code.

To echo the original post's recommendation: delete it and forget it. These things are a dime a dozen and nothing to get excited about. Just keep your anti-virus and anti-spyware signature files up to date.

The damned spammers got me! It took me a couple of days to restore my computer and remove the malware. I guess I'm distracted by the fact that a construction project flooded our home on July 1st with raw sewage, 3 generations of my family have been homeless ever since, but thankfully two insurance companies finally put us up in a hotel. Then a week and a half ago, I found out my wife has a 12 cm tumor that might be ovarian cancer. I let my guard down once, but never again. Damned spammers should be executed.

Why did this alert not include the warning about the worm/trojan? You should have also told people to not click the links in the mail.

I got 3 of these emails in the past 2 days... I never signed up for any email messages from CNN.com so I never even opened one. Straight to the junk main folder.

I fell for it. It was a real sob to remove from my system. PLEASE do not open file or click on phony stories. Site looks legit, and I wasn't paying attention to the url above.

I did receive 4 of those messages today but they were automatically filtered into my Junk folder – finally hotmail filters are doing a good job. In the last 6 months I never received junk email in my Inbox. Good job for Hotmail.

When I received the spam of CNN's Top Ten news stories of the day, I thought "what a great idea". Unfortunately, the videos did not load and I was disappointed that I could not watch them.
Perhaps CNN can offer this legitimately as a daily email service to its readers.

I received these yesterday but ignored them because they looked like spam.

Is it just spam or is it a trojan of some kind that harms or hijacks computers?

Glad you all are aware of this and hope you can stop it. I've been inundated with these e-mails.

yup, got it and it looked very legit but a little digging proved the hunch correct – malware.

Thanks for the heads up, though.

I would like to thank CNN on this post, indicating that they are pro-active in alerting the public of this fraudulent activity. I can only hope other organizations follow your lead.

I've gotten a bunch of these. As I haven't signed up for CNN alerts, I figured they were spam and deleted them. But they're annoying. Like all fraudulent spam.

I had signed up for CNN alerts and was fooled by this one. I didn't click on a story link but did go off to the link "unsubscribe". I sure wish CNN.com had put this warning up a few days earlier. If so many people had gotten it all week, that would have helped.

I got one of these the other day that had a hilarious headline in the subject that I just have to share. It said "McDonalds Happy Meals in San Francisco to include Gay Marriage license." LOL. A good sense of humor seems to be this spammer's only redeeming quality, though, because the links contained in the messages do not go to CNN but some offshore site that's almost certain to install spyware/malware/viruses/etc on your workstation. Just delete the messages! But you can laugh first...

Since I use a unique eMail address for every forum, blog, etc. I subscribe to, I realized quickly that it must be spam mail.

One question though: Why haven't we introduced a new email protocol at this day and age that would simply eliminate spam mail?

If I had to authorize everyone first who wants to place mail in my mailbox, it would be simple and easy to eliminate spam for good!

However, I believe the industry is not interested in that idea! Guess why? – Same reason why the industry needs viruses!
Just image how much money McAfee, Symantec and others would lose if there were no viruses anymore!

If your mail were DKIM (rfc4871) signed, it would be a hell of a
lot easier for spam filters to determine legitimate CNN email from
Romanian scammers.

OK... I'm a BONE-HEAD. I got one of those and thought, "Cool... Let's see what's happening." *Click* – and all of a sudden my antivirus software started jumping up and down and waving arms around a lot yelling, "You've got 622 viruses on your computer - DISINFECT NOW!" By the time it was up to 1762, give or take a few trojans, and spyware, my computer security software is still scrubbing away. At some point in the process, I remember looking at the sender's e-mail address and registering somewhere in my reptilian brain, that, behind the alias, the e-mail address had nothing whatsoever to do with CNN... and I clicked that blasted link ANYway.

What kind of pay-off does anyone get for sending out that kind of vandalism? Is there a government grant out there somewhere for a study to see how many of us are on "automatic?"

Duh. 10 demerits for me.

I have since received at least a dozen of those, from various inauthentic e-mail addresses.

I appreciate CNN's having taken the initiative to post a warning.

Thank you.

yup, been receiving that CNN spam almost daily at my work email address, for a week now ... i just delete it and mark it as spam.

My first one was titled "Angelina Jolie Suffers Miscarriage". Gee, I thought she just gave birth 2 weeks ago? A little early for her to be pregnant again. Obviously these spammers pay no attention to the real CNN.

Now they go straight to Report Spam.

Thank you for clearning that up! I thought I was going crazy. I unsubscribed sevearl times–which I know is a "no no" when it comest to spam. So, I probably did more damage than good. Just nice to know it really was a hoax and not really from CNN.

Thanks again!!!

Please post an email address where you can be notified of future spam bearing the CNN source name, OK? We're pretty sure this won't be the last one...

Thank goodness I own a Mac...I clicked on one of the links, and my computer was not infected...

I tried to report this to you, but you did not respond. We got several at work and they really caused us a problem.

They had your logo and you should have caught this sooner. We realize you are not at fault and we, as a company and I, as a person, wish that the spammers and other malicious people would just stop. You already got your 15 minutes of fame. Now just leave us all alone, please.

If you want to virtually eliminate spyware/malware, just switch to Linux, and dump Windoze. Rather than supporting an unethical company like Micro$oft, you can actually get a free operating system that is both easy to use and virtually virus/spyware/malware-free.

Then you don't need to worry about clicking on dangerous links anymore, because almost none of them run in Linux.

Gee.. finally a comment on the front page about this... you guys really need a spam alert link. I've been getting these for the last month. and no way to inform (easily) folks. other pages have been talking about this for weeks. mostly the same complaint.. no way to tell cnn about it. if your news is as up to date as your awareness of spammers you need some help...

You do no service by taking the route of merely telling people that the e-mail messages are not coming from your site. Far too many whose domains and trade names are used as hooks by spammers, although they have the resource to take an aggressive approach, instead elect to simply brush them off as a minor matter that is the responsibility of the victims to handle.

Yes, safe Internet practices are essential for everyone who uses online resources, and I would support federal legislation mandating that computers come installed with protective software; however, these spammers, phishers, and assorted other criminals and malcontents will keep hurting people and companies until they are confronted by the three-pronged approach to law enforcement: certainty, swiftness, and severity of punishment.

This is not a call for more invasions of privacy by the already over-the-top approach to "homeland security" being pursued by federal law enforcement; instead, it is a call for corporations like CNN, banks, and online services like eBay to defend their trademarks and the quality of their online communications with the public. Until that is done, disturbed individuals will continue to exploit the weaknesses of many overseas and domestic home computers, servers and services to launch increasingly aggressive, destructive attacks that will erode not just the infrastructure of trust in online communications and sites, but also the reputation of companies that choose to tell the public what its responsibility is rather than directing those energies to dealing with the people who are victimizing the public.

thanks for cnn & all of you who blog honestly who in a indirect way help people like myself who knows nothing of computers, by the way what is an url, i do subscribe but haven't gotten any of the mail's you speak of. thanks.

i think it has taken CNN way to long to respond to this spam epidemic!
I did not closely look @ it but just thought it was something new CNN was doing. WE all scan thing very quickly. I try to unsubscribe but I don't think that is the right think to do!. Now, I'm getting about 10 of these per day.

CNN could have sent out an email as soon as they received the first complaint. They put out those one line header all the time-why didn't they do it sooner? I open up to their web site many times throughout the day. A little late...

I knew it was spam, deleted it, but I am traveling and they continue to clog up my email inbox until I have time to delete them. Let me get my hands on just one spammer and he/she will have wished they had been sent to Gitmo instead. Worthless scumbags!

I reported this to CNN on Wed 8/6 and promptly got back this reply "Greetings, Thank you for alerting us to the spam you have received that purports to be from CNN. As you may know, spammers often disguise or forge the source of their e-mail to give the impression that it derived from the CNN system. In fact, this message is fraudulent and did not originate from CNN. We suggest that you delete it, and any other e-mails you suspect to be illegitimate, from your mailbox. Sincerely, CNN Technical Operations" from vcm@cnn.com.

It's really crazy how easily these viruses and trojans are spread these days. In this case, it was fairly obvious, but in many cases it is not obvious at all. If your searching a subject on google for instance, clicking on the wrong link in your results could actually start downloading malware and viruses instantly, without you knowing it. Sure, a virus scan can remove it, but I'm frustrated at the fact that Mcafee or Norton don't block the download immediately in all cases.

The two best I got from them were earthquake strikes japan and kills thousands and the olympics had been cancelled due to lack of interest. I e-mailed CNN about them and thought they might be full of viruses and they got right back to me and thanked me . Guess they were unaware of it . I even gave them a domain it was sent from ! Good to see they issued a warning though – good job !

Sorry to hear about the hellish week, TD. Viruses alone are nightmare enough!

Best of luck with everything!

How to avoid this crap in the future:

First, keep your antivirus software up to date. That one is easy.

Second, read your email through gmail. Gmail's spam prevention tagged this as malware very quickly. It's shared spam reporting is very powerful for limiting future infections.

Third, stop using IE, and use Firefox, with the No-Script plugin. The plug allows you to selectively enable javascript. Only enable it for the site you're visiting, disabling access to things like googleanalytics.com, admt.com and other ad agency sites. These are popular DNS poison pill caching targets, and are used to insert malware on your computer through harmless looking banner ads, even when not visiting a dangerous site.

Fourth, Stop using your ISPs DNS server. They're easier to crack than walnuts. Use OpenDNS.org for DNS services. Additionally, your ISPs DNS servers are probably overloaded, and slow. Using OpenDNS will probably make your internet "seem" faster.

If you do these things, you will be protected from almost all the attacks running wild on the web today.

Regards,

EvilJohn

I got one of them, but deleted it. It looked funny. I am only subscribed to CNN Alerts and this did not look like that. As compared to other sites, I know CNN wouldn't send me something I had not subscribed to, they never have.

I knew Nicholas Cage didn't die in a freak accident!

Earthilnk provides such a service. Anyone who e-mails you who is not in your contacts is required to send another mail, saying who they are, etc. It gets to be a pain.

At many other posters have noted, this phishing scam has been out for a week. CNN should have posted this notice a loooonnnngggg time ago. Certainly, your IT staff was aware of this scam, certainly your other staff were getting the e-mail, CNN should have figured this out and publicized warnings about these messages days ago.

I have been getting them too, as "My Custom Alerts." Fortunately I knew I didn't set any "alerts" so I deleted it without question as soon as I saw it in my mailwasher window, before it even got into my e-mail account. I have good anti-virus and anti-spyware, but I still use mailwasher – its a great program. Too many nuts sending out too much junk out there.

I have McAfee & Webroot Spy Sweeper. I still got these e-mails. It was late, I was on muscle relaxers and not paying attention. I opened the 3rd one and clicked a link. I immediately ran a scan of both systems and nothing turned up. How do I know if the malware is on my computer?

that was an interesting statement..BUT it did not give us any information about what the purported spam message said!

I've been getting these for the past few days, and I'm sitting there going "How in the hell did CNN get my e-mail? I never signed up for anything." Thanks for the heads-up.

CNN *should* be more concerned about these things. They will have noticed a peak in the "unsubscribe" requests since August 5, when they started. That's because the unsubscribe link in these things is the real CNN link. The odds are that quite a few actual CNN subscibers will hit that link, thinking their subscription has run wild and wanting to opt out.

And yes, the "payload" link or links is to some malware distribution point(s) (probably hacked websites, otherwise innocent and constantly being added to). The purpose is to enlist more zombies from the numbers of people who follow the links – to then send out even more of this stuff. And further erode CNN's subscription base and reputation.

Heads in the sand CNN?

gee, it only took you close to a week to finally say something!

I got these e-mails, all to dead links...no infections. I have been watching the news about spammers and the tougher jail sentences they’re receiving upon conviction. I believe that beheading is the appropriate punishment for spamming. I get over 2,000 pieces of crap a day and if you multiply that over the entire workforce of the US, it translates into billions of hours of us sifting through bogus crap to get to our real e-mail. This kind of disruption calls for the most severe penalties the law allows...I think the death penalty for serious spammers is appropriate.

I saw this several days ago – when news first broke – and posted a bulletin to my MySpace page, alerting my "friends" and asking them to share it with theirs...probably hit several thousand people early on...

When we fear the spammers, the spammers have won.

I'm also getting this message both being delivered to my inbox and spam box. I'm not sure what the message being sent is always saying but I know the ones I am getting list 'CNN alerts.' Like always just don't open anything unless you know the person.

I have already received several of these the past few days. Thank goodness I didn't click on any links and deleted them. Thank you for blogging this issue.

info@orvilleredenbachersux.com

http://www.orvilleredenbachersux.com/

I fell for this spam at first. Opened the email and clicked on a link that led me to a page that couldn't be found. Thank goodness I use a MAC! Nothing 'bad' seemed to be installed as a result. Another reason to GO APPLE!!

I'm having the same problem with"Custom alerts". I keep receiving them even though my CNN account says I'm not subscribed to Custom Alerts. I just direct them to the junk filter, and move on. That's about all I can do.

interestingly enough I have had many this past week in my work email. I never open up any emails that contain external links.

Here are the spam headlines sitting in my junk folder right now:

Drive your girl mad with this crazy coolest invention.
Depression and sadness will kill you, so lighten up here.
How to make enough money without leaving your home.
I will die if you do not help me now.
Best insider stock tips here.
How to spot easy poker opponents.
IPhone going at half price.

Number two in my list made me laugh... clearly spam.

about 1000 of these cnn-"related" emails later... they have finally subsided... oi. talk about annoying!

What a bunch of mentally ill, depraved individuals who would garner any personal enjoyment knowing that their spam could lure trusting individuals into their web. Pathethic!

I looked at this message and saw the news story NASDAQ drops 28% overnight so I clicked on and there was no story. Then I closed my computer out and went to work. When I rebooted the computer, sure enough, there was a "spyware" on there promoting a virus software. You could not get it to go away without paying for the subscription. I was lucky because my son is our IT director and had seen this so he used some program to get rid of it. These people should be caught and pout away for doing thisngs like this.

Thank you for the post! I've been getting these messages as well and found it funny as it seems like it would be something that I would sign up for – but know for a fact that I didn't!

I received two spam emails purporting to be from CNN. They were both titled "Your Custom Alert" and I clicked on one link, and it, in fact, brought me to a cnn.com webpage (I think). But now I keep getting an error message that "There is an IP address conflict with another system on the network" even when I am not online.

Another incomplete liberal arts major originated news story. Don't you guys check storeys before they go to print. Next time please include that the thing has a bad virus in it. And how come you guys can't get on the bandwagon to start making those "antispam", "antivirus", etc companies assure that their programs are more effective. No one who has a computer should have to continue paying for these damned subscriptions to keep their computers safe. Seems that since the programs are absolutely essential to the interstate commerce going on here on the internet, then perhaps, those programs should be a one-time cost.

I did receive three CNN NEWS ALERTS up to now. As all of them landed in my SPAM box, I deleted them. Acording to your blog, it seems that more than one SPAM based on CNN is circulating.

Last one was about Nicolas Cage dead in accident.

just got mine this morning, came as CNN Alert Beckman loses foot.
It looks very, but since I hadn't signed up for any CNN Alerts I deleted it.

Well, I opened it (stupid me). It inserts a trojan which I was able to remove. I do not know what the trojan does but beware.

One more very good reason why we should all have Spam guard protection installed on our computers.

I'm never fooled by spam because I hover my cursor over the link and see where it goes before clicking on anything. I got several of these emails over the past week, and they all contained actual Top 10 headlines, such as the progress of Tropical Storm Edouard. For some reason, it didn't occur to me that they were spam. I knew that I hadn't signed up for them, but I assumed that I had accidentally signed up for them by failing to uncheck an "opt-out" option when sending a story to a friend. CNN wouldn't be the first supposedly reputable company to use an opt-out strategy to sign people up for unwanted emails!

So, I scrolled right down to the unsubscribe link and clicked on it! While the headlines don't link to cnn.com, the "Terms", "privacy guidelines", "Contact us", and "To manage your settings click here" links at the bottom appear to be real. I'm probably not the only person who clicked on the link to unsubscribe from the Daily Top 10 at the bottom of the email before realizing that message was spam, so could CNN please confirm whether or not it was safe to click on the link that leads to "http://cgi.cnn.com/m/clik?e=(your email address)&l=cnn-dailytop10"?

I am grateful that CNN posted this warning but agree with many that the article should be updated to indicate that the content is not spam but rather a Trojan,

http://www.thephins.com

Thanks for letting us know.

This morning another "alert from CNN" announced "Thousands killed in California Earthquake." This originated at 7:59 eastern time. Nice wake up gift for a Saturday, right? I hope these people burn for this.

This email not only attacked public email services but also made it through to corporate email systems. Yes, it is a Trojan and CNN, with its vast resources should put an end to this.

http://www.nuuvoo.com

While it's great that CNN is warning people after a week that these false messages are circulating, it would be helpful if within the blog post some information about the threat these particular emails contain. Additionally, it would be great if CNN offered any sort of help or direction to get help for someone who has clicked on one of the links in these messages.

This post looks more like CNN attempting to defend it's brand than actually caring about the people who use CNNs services.

For those of you that think that CNN can do anything about this, they can't.
It's all a bigger picture about botnets spewing spam, and in this case a embedded trojan/malware. It could of easily been Fox news, or MSNBC. I wouldn't be surprised to see Olympic spam in the next month. This issue will never die, because we're the Tom, to the spammers Jerry. Just use common sense when looking at emails, it's not hard people. I work on a daily basis with for an ISP that tries to help our customers that don't even know they're infected with a virus, and sending spam. It can be very Frustrating!!!!!

There is another CNN-esque spam email floating around with the subject CNN: My Custom Alerts. Just FYI.

I had one of these in my mailbox a couple of weeks ago and it turned out to be much more than spam, it was a trojan that killed my hard drive!

The story came up as "B-52 crashes". I live near Barksdale AFB and the plane was from our base so naturally I was concerned. I have many crewmen and friends on the base. I clicked and bam, virus times ten.

The trojan set up one of thos security programs telling you your computer is infected and click here to buy the remover software. I wouldn't and chose the software I already had. No good. This virus spread so fast that with-in 24 hours the hard drive had to be reformatted completely.

The software also played a "joke' virus on my pc. The joke is it put up a phoney blue screen saying my computer had an exception error plus it wouldn't let me download any virus definitions, MS malware remover, spyware remover or anything else. It hijacked Internet Explorer 7 and Firefox.

DON'T CLICK on ANY link in your email unless you know who it is really from.

Got a bunch of these which Verizon thankfully caught and put in their Spam folder, which I saw when I checked on Verizon's site. I do that every couple of days, mainly to see how aggressive their Spam filtering is. Another thing – thankfully I'm on a Mac and wasn't affected; I got a warning in Firefox 3 that an added program was needed to be downloaded. I was able to force quit Firefox and all was well.

Is the e-mail below from yours?
Thanks.

Your E-Mail Alerts
Alert Name: My Custom Alert

Bana goes from Hulk to Beast
Sat, 9 Aug 2008 08:18:22 -0400

FULL STORY

You have agreed to receive this email from CNN.com as a result of your CNN.com preference settings.
To manage your settings click here.
To alter your alert criteria or frequency or to unsubscribe from receiving custom email alerts, click here.

Cable News Network. One CNN Center, Atlanta, Georgia 30303
© 2008 Cable News Network.
A Time Warner Company
All Rights Reserved.
View our privacy policy and terms.

interestingly enough, i had a similar spam email arrive a only an hour ago or so... purporting to be a "CNN Alert" (or something to that effect) touting that Nicolas Cage had died in a freak accident.

I got a CNN New Alert (something I did not sign up for) that said Christine Applegate Dies of Breast Cancer, a real shocker to be sure. The person who sent this phony mail was Delores-tabruk@3rdpartyclaims.co.uk. I don't click on anything in e-mail especially if it takes me to a website unless I know for sure that it's safe.

My whole office has been getting this–good thing we're Mac-based and probably aren't vulnerable. The graphics look real, and some headlines are related to actual stories, but upon closer inspection some headlines are ridiculous: "Britney Spears and Michael Jackson to Write Parenting Book Together", for example.

Before sending out a mass email to my office warning of it I found some info here: http://techtipdaily.com/2008/08/07/fake-cnn-top-10-video-picks-email-wreaking-havoc/ .

I am now suddenly and consistently getting 50+ spam emails titled "CNN Alert: My Custom Alert". Coming as fast as I can delete them, and causing a real headache to our small business here. Almost fooled me (who is abundantly cautious) into opening one, and dangerous, thus....

Glad I could help!

I have google mail. The google mail filter caught two email purporting to be from CNN. The first was earlier this week and the second was in the last 24 hours. The latest purported to be Top 10 headlines about the Health section of CNN. I didn't open either one and immediately deleted them. If the filter hadn't caught them I probably would have opened them, at least, since I get CNN's Breaking News in my mailbox.

Thanks, Google!

And to Art Breaux: it's unfair to blame the AntiVirus companies. It's always going to be a game of catch-up, with the virus companies one step behind those who are writing the viruses. So it's a lot of ongoing work on their part. It's more logical to blame the operating system companies, like Windows, who can't build "bulletproof" systems and force us to buy the virus software. However, perhaps a bulletproof system is impossible unless the computer is kept in a dark room with no contact with the outside world Ultimately, however, it is up to each user to be careful and follow the steps recommended by experts, including not opening attachments or clicking on links if you don't know what they are. When it comes from a company you know, such as CNN, it's tough. Even following the rules is not a guarantee, but does reduce the user's chances of being harmed by a virus.

I have probably received over 300 "CNN" emails over the past few days. Very annoying.

I am not an advocate for the death penalty but I would make an exception for spammers..

I note that some of you were able to remove the malware. Did your antiviral software do it or was there another method? I too fell for this one and my McAfee software claims it detected the trojan and "repaired" it but I am having serious browsing problems ever since. Any help?!?!?!

Spam will not go away until companies being victimized by spammers (like CNN) step up and aggressively prosecute those responsible. Spam exists solely because it is cheap to produce and very profitable. Remove the profit and the organized spam rings move on to other scams.

I am also now receiving "CNN Alerts" – I believe these too are spam – had ~ 12 in my inbox this morning.

Why don't we have something that we could set in our computers to return, unopened, all unwanted mail? It would certainly fill the mailboxes of those individuals sending the unwanted mail.

I got one the other day. Now just within a few days I am up to 10-15 of these every time I check my email each day. I never thought they were original since I didn't sign up for anything from CNN but they are getting annoying to say the least.

There is a new one out there: CNN Alerts: My Custom Alert.
It has been coming in about every 20 minutes even after I blocked it.

I have been getting these all week long at my business and unfortunately i DID try to unsubcribe ONCE. I have gotten CNN updates in the past and was a subscriber. Yikes. I dont know what damage that caused.
I am typically very cautious but that one caught me off guard!

On Friday I received the "CNN Alerts' telling me the Nasdaq had dropped 25% plus overnight. I didn't click on the story because I was terrified it was true. All day long I would not open CNN.com afraid to see the headlines announcing the crash. But as the day went on and I didn't hear gossip about the financial crisis I started thinking that the email was spam. I didn't click on any link, so my computer is fine, but that email sure ruined half my day.

Most of these CNN spams are filtered into junk mail, but for some reason a few still get through to my inbox.

One of the primary functions of public relations in most organizations is to protect the brand name, reputation, and image of the organization.

CNN Public Relations has failed in its task.

First, they have characterized the messages that we have received as every day, garden variety spam such as those proffering Viagra. They are not! They are a mechanism for delivering and installing malware on the customers' system.

Were one to click on any of the Top 10 Video links, a page similar to the CNN Videos page would be displayed with an alert displayed in the video pane claiming that one's flash viewer was out of date and could not display the content along with a link to "update" your flash viewer.

CNN Public Relations should have placed an alert regarding this in a banner at the top of their main page instead of hiding it down in their blogs. This is being irresponsible.

Ahh, I feel better now! Now that CNN has professed no interest in the "spam", I'll get rid of the messages by restoring my forensics system to its pristine state.

If CNN was truly serious about stopping this spam, they would change their page that is linked to in the message. They could advise anyone who clicked the "Change your CNN.com preference settings" link that CNN did not originate the message.

I got it a few times this week too. I looking into it a little and the ones I got appeared to be coming from a server in France.

I feel bad for those who do not know any better and start clicking on the links. Who knows what they will get into...

Hi,

We days back I saw some link in the main page showing Indian Embassy attack in Pakistan when I opened my cnn web page. I thought it was some refresh problem, after that I couldn't find that link sot sure it's my laptop browser problem or some kind of hack on cnn web site.

Keep in mind that this is not CNN’s problem. This is the Spam Email recipient’s problem, and not all persons with a computer and an Email account are as savvy as most of the readers I see here. Being an IT director, I immediately contacted every one of my fellow staff members via Email and by telephone to warn them. I definitely did not want to spend my every waking minute of the next two weeks disinfecting company laptops. This is one of the best thought out and initiated attacks, using some of the smartest tactics, and a network of legitimate websites that were taken over by passwords thought to be obtained by infiltrating FTP transfers. The perpetrators are also is using a phony Flash Player file as their launch pad, so I recommend to all to avoid any unsolicited Emails, any links found with in any Emails, and any apparent Flash Player related links or upgrades for some time.

Even though this is not CNN’s problem [directly], I tried to find a link where could report this message to CNN, but I was unable to find a specific link for the purpose of reporting fraudulent [phishing] Emails. Via their regular contacts, I reported it, and then I recommended to them that they initiate a link to report such erroneous messages to their IT or security departments in the name of community conscience, just as companies like Bank of America and PayPal have done. These other companies take an active roll in fighting fraudulent phishing Emails, both for the protection of their customers and for the preservation of their good names. While CNN’s Blog does deny blaim, it does nothing to help stop this type of criminal activity, or to uphold the integrity of the CNN name. I urge all of you to urge CNN to do so.

Also be advised that there is a similar Spam mail circulating that appears to be from Microsoft asking you to Update Your Version.

I think it's time the ISPs and the Internet industry "draw the line in the sand" and force changes in the way email is sent and processed to stop spam from being sent out. Most of the spam I see has obviously fake return addresses. With all the bright lights out there, why hasn't someone devised an automated process for determining that the sender in fact has a legitimate return address, that it came from an authorized account in that domain and that return addresses can't be manipulated by spam senders so it can be traced easily. If it doesn't pass, it doesn't get delivered; if it is spam and receivers complain, the account can be traced and deactivated by the ISP.

We received two copies of it. Fortunately I'd already heard about its existence.

Anyone using Internet Explorer should check Status Bar on the View Menu (press ALT if you don't see it). Then you get a space at the bottom of the screen that shows the details behind a link when you hold your mouse pointer over it (Don't click; just point)

In this case, although the CNN links were all valid (including Provacy Policy ) all the video links led to the same non-CNN website in Germany and to the same html file.

What really bothered me is that I searched all over the CNN website including its website map and could not find an email address to report abuse - how did people report it to CNN as referred to in the opening message?

I tried modifying privacy.cnn@turner.com to abuse.cnn@turner.com but that bounced back.

I alerted CNN about this yesterday! Am glad they are looking into it!

Here in Germany we have also received this one:

CNN Alerts: My Custom Alert

I received it last week. I was suspicious (as usual) and deleted it and then deleted it from the deleted folder. Glad I did.

Considering I got about 5-6 in my inbox on Monday, I figured them to be spam and set up a rule to have it go directly into the trash.

I have been getting about a dozen of these a day for several weeks now.
I just deleted 4 again this morning, Getting really tired of it all.

Thanks for the heads up, CNN. CNN.com is my default home page so I can stay on top of world news, which is why I'm been both confused and frustrated at the volume of emails I've been receiving lately with CNN Alerts. I've tried to unsubscribe numerous times which only made the problem worse. Initially I thought that my email was used by CNN without permission, as I forward and recommend CNN news stories to my contacts. This clarifies things- thanks again for the info.

Thank you. I received 4 of them. At first I had to think about it because CNN is set as my homepage. But when it came to my business account, I knew something was up.

I guess there are just sick people in this world with nothing better to do.

First off use and keep up dated a good firewall and antivirus, I use Outpost Pro and Avast Pro. A good antispyware program to use is superantispyware it has found items that others have not.. On your web browser click on tools,then internet options,then privacy,then advanced, check the box for "override automatic cookie handling" under the headings first party cookies and third party cookies check the prompt entry. click on the OK button and again click OK on the options page. Everytime you go to a web page now it will tell you who wants to set a cookie on your machine. You will have to allow folks that you do business with (banks, online orders ,etc) The rest of them I block. Over time a list is built of who is allowed and who isn't so once on the list you won't be asked to allow or block. If you block one by mistake you can go back to the list and remove the item or allow it. I have also allowed a site to do business with and then went back and blocked them after I was done. To see the list go to internet options,then privacy and click on sites. It can be a pain in the butt getting started and from time to time has blocked items I wanted to see. If you don't like the way it works go back to the privacy tab click sites then remove all then OK,,,click default then apply at the bottom and you are back where you started. (If you use spybot do an immunization, the list removed, is where they block pages from,) This will not stop the spamers that have your email address allready..it will stop others from getting it ....I changed internet service providers three years ago and started doing what I said above I get maybe 3 off the wall spam messages a year. It seems like everytime I use ebay or paypal I get spammed from someone, There again you have to allow the cookie for the site you do business with...you don't have to allow a cookie for all their ad services.... hope this helps

I received a different one "from CNN". Two of them in fact. Google correctly labeled them spam.
It has title "CNN Alerts: My Custom Alert

Contains this link in two places: http://omzgolitsino.ru/cnncurrent.html
One purports to be "Web site pokes fun at McCain" and the other purports to be "FULL STORY"

Today I received a "CNN Alert" in my bulk mail. Haven't opened it. Is it for real or another spam?

Thanks for the heads up. I had this happen to me. I was suspicious about it and deleted the messages, but I was still wondering what was up.

I got over 50 and kept putting the sender in my block list only to get more... delete delete

I have been getting at least one of these messages a day. I frequesnt CNN.com and could have been easily lured to open this message, but I am much more net-savvy than that. I checked the source and discovered the masked address.

Good blog. Not everyone is net-savvy enough to see this is a fake.

Obviously this was spam – you're just a tad bit late alerting everyone! Quite honestly – extremely late.

They have now connected it to a download if you want to view a video, this is all spam and likely some kind of virus as well.

I been getting them too, but I thought the title seemed weird. I unsubscribed but still getting stuff. I was about to write CNN something til I seen this blog.

Rui, NO that is NOT a legitimate CNN email. Do NOT click any links on it, delete it immediately. If you hover over the links you will see that it goes to an overseas server called lunchboxcafe.ru, NOT to the CNN site. Do not click on any links or you will get the trojan installed.

I got several of these, even after blocking the message. I knew I didn't sign up, as I keep a running list; I just re-blocked the messages.
Thanks for letting me know I wasn't the only one!

It's still happening - but today's messages are from CNN Alerts rather than the top 10 stories. They read this too, so they will probably change tactics again.

I have been getting dozens of these every day for the past week on both my e-mail accounts. I really wish you the best in stopping it and great work warning everyone.

I have been receiving about 50 emails a day from "cnn" it was driving me crazy. Thanks for clearing this up

you should file a report @ http://www.ic3.gov so that these jack***es can be found.

I always look at the From details (header) as well as the email source, but not everyone is fortunate enough to have a raw-text only based email reader, or would know the country associated with the first part of the IP address. if I see an IP associated with Russia, UK, China, Poland or other obvious overseas destination, I immediately know the email is fraud/phishing. if someone has to relay an alert through overseas networks, it's a clear sign of fraud.

but a lot of this nonsense would stop with a raw text email program, which is the equivalent of viewing the source of an email and allows the URLS to immediately pop out so a user can SEE the web location they are about to access.

or use gmail.com. I was hesitant about making the switch, but am very happy. I even have external accounts routed to gmail for safety. their spam filtering is excellent. I'm BEYOND safe – malicious viruses can't be sent/received as attachments, and if I open the email from someone I don't know or with a from address I don't recognize, I immediately click the Show Original (Source) option and immediately the actual URL being directed to will stand out.

I don't know if any raw text email programs exist for PC's but for the Mac, there is MailSmith by barebones.com or PowerMail by ctmdev.com

a lot of companies that provide email service should NOW use these ongoing spam/viral attacks as an example to provide a RAW text email option FIRST, then with 1 button click allow user to view email in a normal way. some services like Yahoo or Hotmail don't even allow viewing of the email source which protects the scammers/spammers.

internet predators are preying on "happy clickers" who use HTML readers and will just happy click away into virus oblivion.

Hey you guys at CNN. How about doing a hard hitting investigative piece on these Spammers? Talk about a story landing on your doorstep. Why don't you find out who these guys are, and why they are spreading this Malware virus in your name? You might do some good exposing these creeps.

CNN isn't the only one to suffer from this. I've gotten over 40 in the last 2 weeks from someone purporting to be Circuit City, and they are also to addresses never used publically. At least CNN has the decency to do something about it. Circuit City probably just hopes people get some virus and have to bring their computers in for repair. lol – probably the best thing to happen to them since the layoffs of all their qualified personnel.

CNN, how about you tell us how to stop this? I was hoping someone would say in the comment section, but just too many to read and quickly got sick of all the stupid comments. I tried to send the domain name and email addresses to junk mail but they all come under different addresses and domain names. They're seriously driving me nuts. Have received about 20 to 30 a day for the past week. I'm gonna freak out soon... and i'm gonna blame CNN!!!!!

Another way to verify or investigate if it's legitimate is to hover over the link. When I saw that it wasn't going to CNN, I knew it was a fake. I don't know what these creeps get out of doing this. Luckily, people are smart enough not to fall for it, but I see how some could be fooled.

I'm so glad CNN is writing about this! I keep getting spam messages for the CNN My Alert. I get about 20 a day. Gmail places them all in my spam folder.

But at first I thought CNN was sending them, so I'm glad I know what's going on.

Thanks.

Thanks for the heads up. I got the e-mails, and when it didn't sound right, I just deleted the rest of them.

Thank you CNN for clearing that up, I've received tons of them. I know for a fact I did not subscribe from you guys.

I received this spam and immediately recognized it for what it was. I tried to forward it to CNN to alert them using common e-mail addresses for notification (hoax, spam, etc. @ cnn.com) and none of the addresses worked. I then went to the CNN site to try to find a way to contact them, reached their Contact Us page and was frustrated to find that they did not offer any simple way to notify them of the message. CNN - please be more responsible and help those of us who are willing to spend a few minutes to alert you of an issue by making it simple to do so!

I'm a real fan of CNN and use them for all of my daily news updates, but I was quite disappointed with the lack of clarity in how to contact them with something of this nature.

I got two. The first one was a CNN Alert: Nichlos Cage killed. I didn't open it because I looked at the properties and it wasn't from CNN.

I use MS Outlook Express and a virus email check program. The emails passed the virus email check but had an attachment. With emails like this that don't seem right I Highlight the message and then right click and choose properties. The General Tab shows who the email came from and these didn't come from ....cnn.com. Then I click the Details tab which shows me the "header" without opening the email. If the sender look suspicious then I stop there. If I have a doubt then I click the message source tab and can see the emails full header and the message in ASCII text, which is what the virus scanner checks. If this doesn't look good (i.e. from someone I know with an attachment that I expected them to send to me by my request) then I deleate the message and do not open the attachment or go to the webpage address hyperlink in the ASCII message. By going to the link in the message or opening the attachment is where most people get the virus. After deleating the suspicious message I promptly empty my deleated mailbox messages.

This system has worked great for me....

Main rule – if you don't know the email address and haven't requested a file from someone you know don't open...

Rule two – I never open attachments from forwards from people on my email list and tell them that I will not – I deleate them. A couple of pluses here I don't get many forwards and I don't get forwarded virus mails.

Ha! I got one of these only AFTER i read this article.

Maybe now CNN will start to do some serious investigation of spamers. Many of them are ruthless. Say one bad thing about them in public and they swarm on you in a way that not even the Mafia does. The guys who are doing this did it because CNN published a few things about spamers who ended up in jail and they don't like that kind of press because it makes it more likely they will get jail time when they do get caught. These guys aren't just wasting a bit of time, they are in to selling illegal drugs over the net, corrupting the stock market and creation of child porn. One of their favourite tricks is to send a security researcher a bunch of new child porn and then call the local cops for a tip off.

CNN should apply its resources toward catching or preventing this nasty stuff. After all, they are apparently getting their "bait" from CNN. CNN ought to bear some of the responsibility for this.
The good news is that I bit, and the worm attacked my Vista Home Premium / Norton 360 system UNSUCCESSFULLY. It was a NASTY fight, but the attacker lost the battle.

I got a CNN Alert regarding Afghanistan. That's the reason I logged onto CNN.com this evening – to see if I ever signed up for an alert! Then I realized that there was no way I had singed up so it must be a fake. Thanks for the blog posts so we'll know the scoop

Getting them as well, mine are from russia, fortunately i have a Mac and the malware that these bogus e-mails link to does not affect my computer (yet?) CNN should have a group we can send these to like paypal does and some folks working to shut these scumbags down

It is more than just spam. I tried to run one of the videos and was unable. In the process I downloaded a trojan virus program (disguised as a free virus removal program) and my screen was replaced with a blue screen giving a warning saying "Warning! Spyware may be installed on your machine...." I was able to remove the trojan program (with a lot of difficulty) but could not get rid of the blue screen. I had to reformat my boot disc and rebuild the operating system from scratch and reinstall all my programs.

I've had a dozen or so in a couple of days and if I hadn't known any better I'd have downloaded the Worm/Trojan you are asked to install to 'view' the video. I've noticed today, however, that most if not all of the fake sites are either 404 site not found or Firefox warns me that the site is a forgery.

It's been said in this thread several times already, but it's worth saying again: CNN, with or without it's "vast resources", can't do anything about this. To understand why, you'd need a basic understanding of how spam emails like these are created and how they propogate on the internet. Suffice to say, it is way beyond CNN's control.

Here's a thought, though... how about running a story on this kind of thing? Tell people about how these things happen and how to recognize spam and malware. I see this as an excellent opportunity for CNN to help educate the public on these issues. They can't stop it, but they can help to arm people against it.

Gmail did a good job of putting these emails automatically in my SPAM folder.

I also received the "CNN" spam email messages and I checked the "from" field in the email messages and knew that it was not from CNN, I read CNN everyday and will know if I subscribed to the email alerts. The alerts also was in the gmail spam folder

This thing is not just annoying Spam. It is a nasty Trojan horse that will infect your computer if you click on it. These spammers are really criminals, and not just annoying telemarketing types. CNN can not do anything to prevent this sort of thing, but it can expose these scumbags to the light of day. Spammers thrive on hiding who they really are. That's why these spammers pretend to be CNN. CNN should do a news story exposing the spammers true identities.

I use Outlook as my email client. Once I saw these CNN email coming in, I knew right away there were unsolicited spam. I created a rule in Outlook to immediately delete these messages on arrival. So I never see them in my inbox. It is working well so far.

Name of the virus spread by the spam and caugth by my Symantec anti visrus system is "bloodhound".

Well, CNN itself does some major spamming too. I've signed up for the IBC in Amsterdam and have been recieving hundreds of CNN Alerts in my mailbox. There's a link in the mail too unsubscribe, it's not working properly, I am still recieving those annoying CNN Alerts.

Why are you all blaming CNN? You MUST KNOW yourself whether you've signed up to CNN alerts or not. I hadn't so when I got mine, it went straight to my Spam folder.

If you clicked without thinking or looking,. then tough, it's your own fault. Go back to school and take Internet Lessons.

your site is getting better )