CNN takes you to malware
Latest trick
Security experts have found that links in the "CNN.com Daily Top 10" email could lead you to sites that host malware.
According to MX Lab, messages are being sent from a randomly generated user email address that is not on the cnn.com domain. The links behind the top 10 direct you to a Web site that pretends it can't show you a video because you are running an incorrect Flash player.
A pop-up window will ask you to download the correct video codec, an executable called get_flash_update.exe, but this is in fact Trojan-Downloader.Agent.EL. This trojan can download and install other malware onto the infected machine.
The trojan creates a new process on an infected machine, %System%\cbevtsvc.exe, and a new service, CbEvtSvc, in the system. It also makes a number of registry modifications and opens a direct IP address connection to a remote host on TCP/IP port 443.
According to MX Lab, quite a few people have fallen for it.
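The two mail-side signs described above, a sender that is not on cnn.com and links that lead somewhere else, can be checked mechanically. The following is an added example, not code from MX Lab or this article; it assumes that a genuine message would link only to cnn.com hosts, and the sample message and its addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "cnn.com"                 # domain named in the article
LURE_SUBJECT = "cnn.com daily top 10"    # lure named in the article

def on_brand_domain(host):
    """True only for cnn.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """Return findings for a message that uses the lure subject."""
    msg = message_from_string(raw)
    if LURE_SUBJECT not in msg.get("Subject", "").lower():
        return []
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_brand_domain(sender_domain):
        findings.append("sender-off-domain:" + sender_domain)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href in collector.hrefs:
            host = urlparse(href).hostname
            if host and not on_brand_domain(host):  # assumption: real links stay on cnn.com
                findings.append("link-off-domain:" + host)
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = """From: "CNN.com Daily Top 10" <x7k2q@mailer.example>
Subject: CNN.com Daily Top 10
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="http://video.example.net/watch.html">1. Top story</a>
<a href="http://www.cnn.com/">CNN.com</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The suffix match in `on_brand_domain` is anchored on a leading dot, so lookalike hosts such as `cnn.com.video.example.net` are still reported as off-domain.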