• by Liz Tascio , September 30, 2008

Breaking news: Spam still sucks. But at least it's getting more interesting, both in technique and entertainment value. A recent wave designed to look like personalized news updates from CNN and MSNBC featured whiplash-inducing subject lines like "McCain Gives Up Fighting for Presidency" and the deliciously punny "Sarah Jessica Parker Arrested for Gross Negligee."

"The CNN and MSNBC [spams] are classic examples of social engineering," says Sam Masiello, vice president, information security at MX Logic, an online security firm. "Sometimes the more outlandish the story claims to be, the more alluring it is for someone to want to read more about."

The CNN wave hit first, in early August; at its peak, MX Logic was tracking 11 million messages per hour, Masiello says. Users who opened the messages were directed to click on a link for video; malware then turned the computer into a spam-sending machine.

Both waves likely came from the same organization, Masiello says. Between Aug. 4 and Aug. 25, MX Logic saw more than 920 million fake news updates. "Even if one-tenth of 1 percent of people 'accidentally' opened the message, that would translate into thousands or even tens of thousands of people."

Getting your malware delivered with a pun is like learning your house is in foreclosure via singing telegram - it almost takes the sting out.