Published in News

CNN takes you to malware

by on05 August 2008

Image

Latest trick


Security experts have found that links in the "CNN.com Daily Top 10" email could lead you to sites that host malware.

According to MX Lab messages are being sent from a random generated user email address not on the cnn.com domain. The links behind the top 10 directs you to a Web site pretends that it can't show you a  video because you are running an incorrect Flash player.

A pop up window will ask you to download the correct video codec, an executable called get_flash_update.exe, but this is in fact the Trojan-Downloader.Agent.EL. This trojan can download and installs other malware onto infected machine.

This trojan will, in fact, create a new process on an infected machine: %System%\cbevtsvc.exe and creates a new service CbEvtSvc in the system. Quite some registry modifications are being made as well as a direct IP address connection to a remote host on TCP/IP port 443.

According to MX Lab, quite a few people have fallen for it.
Last modified on 07 August 2008
Rate this item
(0 votes)