CNN Daily Top 10 leads users to site hosting malware
4 August 2008

Following the links in the CNN.com Daily Top 10 email could lead you to sites that host malware. MX Lab detected and intercepted the first messages at around 7:48 PM local Belgian time and is monitoring an outbreak of this type.

The messages themselves are sent from a randomly generated user email address that is not on the cnn.com domain. The links behind the top 10 direct you to a web site that should show you the video but instead gives you an error saying that an incorrect Flash player is installed.
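The two traits described above (a sender that is not on cnn.com and links that leave cnn.com) can be checked mechanically at a mail gateway. The following is an added example, not MX Lab's code; the function names, finding labels and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "cnn"             # brand name the lure borrows
BRAND_DOMAIN = "cnn.com"  # domain the spoofed sender is NOT on, per the page
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_domain(host, domain=BRAND_DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def text_of(msg):
    """Concatenate all text/* parts, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_message(raw):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND not in (name + " " + msg.get("Subject", "")).lower():
        return []  # message does not claim the brand, nothing to compare
    findings = []
    if not on_domain(addr.rpartition("@")[2]):
        findings.append("sender-not-on-brand-domain")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text_of(msg))}
    off = sorted(h for h in hosts if h and not on_domain(h))
    if off:
        findings.append("links-off-brand-domain: " + ", ".join(off))
    return findings

# Constructed sample messages (not captured traffic).
SUSPECT = ('From: "CNN Alerts" <qx7f3k@mail.example.org>\n'
           "Subject: CNN.com Daily Top 10\n"
           "Content-Type: text/html\n\n"
           '<a href="http://cnn.com.video.example.net/top10.html">1. Top story</a>\n')
GENUINE = ('From: "CNN Alerts" <alerts@mail.cnn.com>\n'
           "Subject: CNN.com Daily Top 10\n\n"
           "http://www.cnn.com/video/\n")

if __name__ == "__main__":
    print(check_message(SUSPECT))
    print(check_message(GENUINE))
```

The suffix match in `on_domain` is anchored on a leading dot, so a lookalike host that merely starts with `cnn.com.` is still reported as off-domain.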

A pop-up window will ask you to download the correct video codec, an executable called get_flash_update.exe, but this is in fact the Trojan-Downloader.Agent.EL. This trojan can download and install other malware onto the infected machine.

This trojan creates a new process on an infected machine, %System%\cbevtsvc.exe, and creates a new service, CbEvtSvc, in the system. Quite a few registry modifications are made, as well as a direct IP address connection to a remote host on TCP/IP port 443.

Virus Total permalink and MD5: dabb5a9b431c88c77281bcf1158a9879.

 

 
