Spammers are abusing an open redirect vulnerability in CNN’s ads.cnn.com subdomain in an effort to advertise a shady work-at-home website.
Security expert Janne Ahlberg is the one who brought this new spam campaign to my attention. The spam messages are mostly sent via DMs from compromised accounts.
The spammers lure potential victims with messages that read something like “Let your million dollar turns to reality,” “Work at home and multiply your income with pleasure,” “Great possibility to achieve success” or “The fastest and the easiest way to work online on yourself.”
When users click on the links, they’re taken to a fake news website where they’re presented with the (bogus) story of someone who made a lot of money by working from home. To make everything more legitimate looking, the location of the individual mentioned in the article changes depending on the victim’s IP address.
If you’re from New York, the article will say that someone from New York earned thousands of dollars each month by working in their spare time “on the computer without selling anything.”
As some of you might remember, this isn’t the first time an open redirect vulnerability in a CNN subdomain is leveraged this way. Back in June 2013, spammers abused a security hole in cgi.cnn.com.