CNN Alerts: My Custom Alert malware

After a very long outbreak based on the CNN Dailty Top 10 it’s now time for something different: CNN Alerts: My Custom Alert. This new version brings more of the CNN malware outbreak in a changed lay out but with the same tactics.

Again, the email itself is very nice CNN branded but contains a link that leads you directly to the malware. The senders address is spoofed and is not coming from cnn.com but this is not guaranteed for the future.

The link behind Full Story - so don’t click on this one – brings you to a, in this case, Russian web site where you need to download the proper Flash player to view the video. When you accept the malware file adobe_flash.exe is downloaded.

The trojan has the same specs of the CNN Daily Top 10: Trojan-Downloader.Agent.EL. This trojan will create a new process on an infected machine: %System%\cbevtsvc.exe and creates a new service CbEvtSvc in the system. Quite some registry modifications are being made as well as a direct IP address connection to a remote host on TCP/IP port 443.