Spammers Abuse Open Redirect Vulnerability in CNN Subdomain


Twitter spam run abuses vulnerability in CNN subdomain

Spammers are abusing an open redirect vulnerability in CNN’s ads.cnn.com subdomain in an effort to advertise a shady work-at-home website.

Security expert Janne Ahlberg is the one who brought this new spam campaign to my attention. The spam messages are mostly sent via DMs from compromised accounts.

The spammers lure potential victims with messages that read something like “Let your million dollar turns to reality,” “Work at home and multiply your income with pleasure,” “Great possibility to achieve success” or “The fastest and the easiest way to work online on yourself.”

When users click on the links, they’re taken to a fake news website where they’re presented with the (bogus) story of someone who made a lot of money by working from home. To make everything look more legitimate, the location of the individual mentioned in the article changes depending on the victim’s IP address.

If you’re from New York, the article will say that someone from New York earned thousands of dollars each month by working in their spare time “on the computer without selling anything.”

As some of you might remember, this isn’t the first time an open redirect vulnerability in a CNN subdomain has been leveraged this way. Back in June 2013, spammers abused a security hole in cgi.cnn.com.
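As an added illustration, not CNN's code and not part of the original post, the handler below shows the pattern behind an open redirect next to a version that confines the redirect target to the site's own host; `SITE_HOST`, the function names and the sample inputs are assumed for the example.

```python
from urllib.parse import urlparse

# Assumed for this example: the host the application serves. Not CNN's code.
SITE_HOST = "example.com"


def vulnerable_redirect_target(next_url: str) -> str:
    """Open redirect: the browser is sent wherever the 'next' parameter says."""
    return next_url


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Confine a redirect to SITE_HOST by returning a same-site path.

    Rejects other hosts, protocol-relative URLs (//evil), backslash and
    extra-slash variants that browsers normalise to a host, userinfo tricks
    (https://example.com@evil) and non-http(s) schemes such as javascript:.
    """
    if not next_url:
        return default
    # Browsers drop tab/newline and treat backslash as slash; mirror that
    # before parsing so the check sees what the browser will see.
    candidate = "".join(c for c in next_url if c not in "\t\r\n").replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return default
    # Exact host match only; "example.com.evil" or "example.com@evil" fail here
    # (a host:port form also fails, which is the conservative choice).
    if parsed.netloc and parsed.netloc.lower() != SITE_HOST:
        return default
    # Rebuild as a path with exactly one leading slash so "////evil" cannot
    # turn into a protocol-relative URL on the way out.
    path = "/" + parsed.path.lstrip("/")
    if parsed.query:
        path += "?" + parsed.query
    return path
```

Because the hardened version only ever returns a same-site path, a crafted link can at worst land on a page of the site itself, which removes the value of the redirect to a spammer.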
