Beware-of-the-cnncom-daily-top-ten-email or CNN alert.

This e-mail poses as "The Daily Top 10" from CNN. The funny thing about this email ... When HTML is enabled, you see something completely different from what you see in plain text. Viewed in plain text, the links go to real videos on CNN. The unsubscribe link at the bottom is very convincing as your email is part of the URL linking to CNN.(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail11.jpg)

When viewed in HTML, the same malicious link hides behind the headlines of the top 10 videos / stories and leads us to a fake Flash upgrade.
(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail10.jpg
(IMG:http://www.bluetack.co.uk/Kimberly/Logs/mail12.jpg)

This little "visual" trick is archived using
Content-type: multipart/alternative; boundary=[removed] the in the email.

"CNN.com Daily Top 10”. Here is what the email contains:

CNN.com daily top ten email

Don't click these links. because they might be highly dangerous viruses, malware, Trojans or something else nasty.

You are offered nude videos of Angelina Jolie, celebs seen nude on the beach and similar. DO NOT be tempted to have a peek. Once you have clicked you are infected with a Trojan virus. If you are Outraged of Oxted or Livid of Limpsfield by the content and frequency (I receive about ten a day) do not be tempted to click the 'unsubscribe' link. This will also implant a Trojan on your system and also tell the malicious sender that you exist!

In any case, I recommend that you neither send nor receive messages as html. The message can put a window off your screen but contain malicious content although it is invisible to you. Also, behind that pretty coloured background can exist invisible links to anywhere - malicious sites, porn, gambling etc.

What should you do?

1. Delete the e-mail, not just from your Inbox but from Spam or Junk folder where is might be consigned.
2. Buy some anti-virus/firewall software. Make sure you use it properly. Left to its own will not guarantee protection.
3. In addition to running your anti-virus program, download Lavasoft Ad-aware and Spybot Search & Destroy. Google will find the best download sites for you. They are free to non-business users. Run both programs and you will be surprised at what they reveal and how you can eliminate problems!

Virus Threat - Trojan.Peacomm (copy from Symantec)

Trojan.Peacomm is one of a number of spamming Trojan horse programs Symantec has seen lately that appear to originate from Russia and are clearly aimed at making money for the author by pumping up penny stocks. The victim is enticed through social engineering techniques to open an attachment, which typically appears to be a video clip on a recent, newsworthy event.

The trojan horse arrives as an attachment to an email purporting to contain a video of one of several different recent news stories. The email itself will have no message body, but will have one of several subject lines such as "A killer at 11, he's free at 21 and kill again!," "Fidel Castro Dead," "Re: Your Text." For a complete list of subject lines

•   * A killer at 11, he's free at 21 and kill again!
•   * U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
•   * British Muslims Genocide
•   * Naked teens attack home director.
•   * 230 dead as storm batters Europe.
•   * Re: Your text
•   * Radical Muslim drinking enemies's blood.
•   * Chinese missile shot down Russian satellite
•   * Chinese missile shot down Russian aircraft
•   * Chinese missile shot down USA aircraft
•   * Chinese missile shot down USA satellite
•   * Russian missile shot down USA aircraft
•   * Russian missile shot down USA satellite
•   * Russian missile shot down Chinese aircraft
•   * Russian missile shot down Chinese satellite
•   * Saddam Hussein safe and sound!
•   * Saddam Hussein alive!
•   * Venezuelan leader: "Let's the War beginning".
•   * Fidel Castro dead.

Attachment:

One of the following:

•   * FullVideo.exe
•   * Full Story.exe
•   * Video.exe
•   * Read More.exe
•   * FullClip.exe
•   * GreetingPostcard.exe
•   * MoreHere.exe
•   * FlashPostcard.exe
•   * GreetingCard.exe
•   * ClickHere.exe
•   * ReadMore.exe
•   * FlashPostcard.exe
•   * FullNews.exe

What is a Trojan Horse?

This term "Trojan Horse" comes from a Greek fable, in which the Greeks presented a giant wooden horse to the Trojans as a peace offering. However, a nasty surprise awaited the Trojans as Greek soldiers sprung out of the hollow horse and captured Troy. Similarly, a Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer.

Increasingly, Trojans are the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer through vulnerabilities in web browser software such as Microsoft Internet Explorer.

After it is installed, the Trojan horse lurks silently on the infected machine, invisibly carrying out its misdeeds, such as downloading spyware, while the victim continues on with their normal activities.