CNN news spam with fake Flash update malware
A massive spam campaign is under way: fake e-mails spoof the CNN news web site in order to make unsuspecting users download a malware file (get_flash_update.exe in this case).
Sample e-mail message with false links to compromised malware hosting sites:
The footer of the e-mail looks legit:
A large number of the compromised sites are already down, but if one is still working, you will get the following screen:
Clicking Cancel keeps you in a loop until you start the “flash update” download:
The malware get_flash_update.exe gets downloaded:
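A mail-filter check for the pattern described above, as an added example that is not part of the original post: in a message presenting itself as CNN, it flags every link whose host is not cnn.com and every link to the reported file name get_flash_update.exe. The sample message, the host `compromised.example` and all function names are constructed for illustration, and treating every non-cnn.com link as suspicious is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SPOOFED_BRAND = "cnn.com"               # site the e-mails imitate (from the post)
PAYLOAD_NAME = "get_flash_update.exe"   # file name reported in the post

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_brand(host):
    """True only for cnn.com or a real subdomain, not look-alikes like notcnn.com."""
    host = (host or "").lower().rstrip(".")
    return host == SPOOFED_BRAND or host.endswith("." + SPOOFED_BRAND)

def suspicious_links(html_body):
    """Return [(href, visible text, reason)] for a message that claims to be CNN."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope here
        if parsed.path.lower().endswith("/" + PAYLOAD_NAME):
            findings.append((href, text, "links to reported payload name"))
        elif not host_is_brand(parsed.hostname):
            findings.append((href, text, "CNN-branded mail links off cnn.com"))
    return findings

# Constructed sample body; compromised.example stands in for a hijacked site.
SAMPLE = (
    '<a href="http://compromised.example/news/video.html">Top story</a>'
    '<a href="http://www.cnn.com/privacy">Privacy</a>'
    '<a href="http://compromised.example/get_flash_update.exe">Update</a>'
)

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE):
        print(finding)
```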