{"id":803,"date":"2008-08-06T09:15:54","date_gmt":"2008-08-06T08:15:54","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/803-cnn-daily-top-10-spam-email-shows-failure-of-user-education.html"},"modified":"2008-08-06T09:15:54","modified_gmt":"2008-08-06T08:15:54","slug":"cnn-daily-top-10-spam-email-shows-failure-of-user-education","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/803-cnn-daily-top-10-spam-email-shows-failure-of-user-education.html","title":{"rendered":"CNN Daily Top 10 spam email shows failure of user education"},"content":{"rendered":"<p>Virus propagation follows an evolutionary pattern \u2013 the ones we see are the survivors, that have the right balance of technical ingenuity and social psychology to get themselves installed. I therefore conclude that lots of people have clicked Continue on sight of the following dialog, which you get if you follow a link on the CNN Daily Top 10 spam email doing the rounds right now (I have had it over 20 times):<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/www.itwriting.com\/images\/cnnvirus.gif\" \/> <\/p>\n<p>In FireFox it is even cruder \u2013 just a link to a viral executable, click OK or cancel.<\/p>\n<p>What gets me is that this is such an obvious virus. Here\u2019s several clues:<\/p>\n<ul>\n<li>The URL for the page is not cnn.com<\/li>\n<li>The supposed Flash placeholder image is obviously faked. It says \u201cFlash Player 0\u201d is installed<\/li>\n<li>The English is poor<\/li>\n<li>This doesn\u2019t look anything like IE\u2019s normal behaviour when installing a new ActiveX control (it isn\u2019t of course, it is just asking you to download an EXE)<\/li>\n<li>Image missing on the dialog<\/li>\n<li>The dialog doesn\u2019t even mention Flash<\/li>\n<li>I\u2019ve not actually checked, but I\u2019d be astonished if the executable is signed, so the user will have to pass further warnings unless they are running an ancient version of Windows<\/li>\n<li>Of course I already have Flash 9 installed<\/li>\n<\/ul>\n<p>I also presume from the success of the virus that either lots of people don\u2019t have current a\/v software installed, or it didn\u2019t work because it was not updated in time.<\/p>\n<p>Why is this virus succeeding? I imagine because it is trading on two respected brands \u2013 CNN, and the fact that most people are happy to install Flash and know it is OK to do so (the real one, that is).<\/p>\n<p>Shows what a tough job the security guys have. You have to assume people will click OK to almost anything.<\/p>\n<div class=\"wlWriterSmartContent\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:fd8908a6-0abd-40eb-a470-ee5725c3d2d1\" style=\"padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px\">Technorati tags: <a href=\"http:\/\/technorati.com\/tags\/security\" rel=\"tag\">security<\/a>, <a href=\"http:\/\/technorati.com\/tags\/windows\" rel=\"tag\">windows<\/a>, <a href=\"http:\/\/technorati.com\/tags\/flash\" rel=\"tag\">flash<\/a>, <a href=\"http:\/\/technorati.com\/tags\/cnn+daily+top+10\" rel=\"tag\">cnn daily top 10<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Virus propagation follows an evolutionary pattern \u2013 the ones we see are the survivors, that have the right balance of technical ingenuity and social psychology to get themselves installed. I therefore conclude that lots of people have clicked Continue on sight of the following dialog, which you get if you follow a link on the &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/803-cnn-daily-top-10-spam-email-shows-failure-of-user-education.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">CNN Daily Top 10 spam email shows failure of user education<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-803","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=803"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/803\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}