NYCSCIC Issues Fake Email Warning

The New York State Office of Cyber Security and Critical Information Coordination (NYCSCIC) has issued a warning about fake email claiming to be from CNN.

“Beginning on August 5, 2008, reports of mass emails claiming to be from the CNN.com news Web site began to surface. Currently the subject of the email is "CNN.com Daily Top 10". These emails are not from CNN, and contain web links to malicious sites that will attempt to install malware purporting to be an Adobe Flash Player upgrade. The MS-ISAC has received reports from multiple states including Michigan, New York, North Carolina and Wisconsin, indicating their users have received these emails.

These emails have been circumventing spam filters and utilizing HTML-based messages including the CNN web site logo and very enticing headlines to lure unsuspecting recipients into clicking on the links for news stories which are actually downloads of malware from various web sites. Reports indicate that hundreds of web servers may be compromised and hosting this malicious content. The use of news and current events is a proven and effective social engineering tool.

As the 2008 Olympics will be starting Friday, August 8, we anticipate spammers, phishers, and other online attackers may use bogus "Olympic-themed" headlines in their scams. We recommend that organizations use this as an opportunity to remind users to use caution when handling suspicious or unexpected email messages and URLs.”

Date: Aug 11, 2008