Email spammers often try to take advantage of current news and to impersonate legitimate news sites (usually CNN) in order to bypass spam filters and convince recipients to click on a malicious link or open a malicious attachment.
In a recently spotted spam run, 419 advance fee scammers have taken this approach to another level: they are misusing CNN.com‘s “Email This” feature.
As an added bonus, they are tying the request (made allegedly by the “financial minister of Syria”) with a legitimate article about the volatile situation in that country:
To do this is easy as inserting the email of the victim, the email of the sender, copy-paste the scammy text into the appropriate form, and solve the CAPTCHA:
Perhaps they even managed to get their hands on a tool that fills out part or all of these fields automatically.
“This isn’t the first time we’ve seen them abusing a legitimate Web site’s ‘Email This’ feature,” says Webroot’s Dancho Danchev.
“Followed by the most recent abuse of Google Calendar, we’ve also observed 419-ers abusing legitimate Web sites back in 2009 (Dilbert.com and NYTimes.com), and we believe we’ll continue seeing such type of abuse, taking into consideration the fact that 419-ers are constantly seeking for new and pragmatic ways to bypass anti-spam filters.”