CNN Alerts: My Custom Alert malware

After a very long outbreak based on the CNN Daily Top 10, it’s now time for something different: CNN Alerts: My Custom Alert. This new version continues the CNN malware outbreak in a changed layout but with the same tactics.

Again, the email itself is nicely CNN-branded but contains a link that leads you directly to the malware. The sender’s address is spoofed and is not coming from cnn.com, but this is not guaranteed for the future.

The link behind Full Story (so don’t click on this one) brings you to a web site, in this case a Russian one, where you are asked to download the proper Flash player to view the video. When you accept, the malware file adobe_flash.exe is downloaded.

The trojan has the same specs as the one from the CNN Daily Top 10: Trojan-Downloader.Agent.EL. It creates a new process on an infected machine, %System%\cbevtsvc.exe, and a new service, CbEvtSvc. It also makes a number of registry modifications and opens a connection directly to the IP address of a remote host on TCP port 443.
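The two network-side traits described above (a download of adobe_flash.exe from a non-Adobe host, and a connection straight to an IP address on port 443) can be searched for in web proxy logs. The following is an added example, not part of the original post: the log format, the client addresses, the sample lines and the trusted-domain list are all constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp client method target); hosts use
# reserved example domains and documentation IP ranges, not real indicators.
SAMPLE_LOG = """\
2008-08-08T10:21:03 10.0.0.15 GET http://video.example.ru/watch/adobe_flash.exe
2008-08-08T10:22:40 10.0.0.15 CONNECT 203.0.113.7:443
2008-08-08T10:25:11 10.0.0.22 CONNECT www.example.com:443
2008-08-08T10:30:02 10.0.0.31 GET http://fpdownload.adobe.com/get/adobe_flash.exe
2008-08-08T10:31:45 10.0.0.31 CONNECT 198.51.100.9:443
2008-08-08T10:40:00 10.0.0.40 GET http://news.example.net/ADOBE_FLASH.EXE?id=1
"""

FAKE_INSTALLER = "adobe_flash.exe"   # file name given in the article
TRUSTED_SUFFIXES = ("adobe.com",)    # assumption: the vendor's own domain

def is_ip_literal(host):
    """True if the CONNECT target is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def fake_flash_download(url):
    """True if the URL fetches the installer name from an untrusted host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    name = parts.path.rsplit("/", 1)[-1].lower()
    trusted = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
    return name == FAKE_INSTALLER and not trusted

def triage(log_text):
    """Return {client: sorted findings} for the two network indicators."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, method, target = fields
        if method == "GET" and fake_flash_download(target):
            findings.setdefault(client, set()).add("fake-flash-download")
        elif method == "CONNECT":
            host, _, port = target.rpartition(":")
            if port == "443" and is_ip_literal(host):
                findings.setdefault(client, set()).add("ip-literal-443")
    return {c: sorted(f) for c, f in findings.items()}

def likely_infected(log_text):
    """Clients showing both the download and a direct-IP connection on 443."""
    return sorted(c for c, f in triage(log_text).items() if len(f) == 2)
```

A client with only one finding is worth a look but is weaker evidence; on the host itself, the CbEvtSvc service and %System%\cbevtsvc.exe named above are the things to confirm.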

43 Responses to CNN Alerts: My Custom Alert malware

  1. Rachel says:

    yep, i got this one too.

  2. Lynchoi says:

    OK, it’s a virus, so is there a removal tool, a fix or a repair fact sheet?

  3. barbara says:

    I didn’t remember signing up for CNN alerts, so I moused over the links and saw that the “Full Story” link was to a .ru site. This is going to get a lot of people.

  4. Shannon says:

    My company received this on 08/08.

    Return-path

    Reply-to aruoneki1977@rovsing.dk

    MIME-version 1.0
    Content-type TEXT/HTML; charset=US-ASCII
    X-pstn-neptune 500/473/0.95/61
    X-pstn-levels (S:60.16853/99.90000 CV:99.9999 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
    X-pstn-settings 4 (1.5000:1.5000) s cv gt3 gt2 gt1 r p m c
    X-pstn-addresses from [db-null]

    Alert Name: My Custom Alert

    Depression and sadness will kill you, so lighten up here
    Fri, 8 Aug 2008 10:17:45 +0300

    FULL STORY

    ——————————————————————————–
    You have agreed to receive this email from CNN.com as a result of your CNN.com preference settings.
    To manage your settings click here.
    To alter your alert criteria or frequency or to unsubscribe from receiving custom email alerts, click here.

    ——————————————————————————–

    Cable News Network. One CNN Center, Atlanta, Georgia 30303
    © 2008 Cable News Network.
    A Time Warner Company
    All Rights Reserved.
    View our privacy policy and terms.

  5. Peter says:

    I have to wonder how someone who didn’t sign up for any alerts would be fooled into this. I looked over at the email address and it was from someone at fedex.com. How wonderful that these two companies would send me alerts without my request! If only they could send me information about cheap imitation watches, free ViagraCialis and cheep Bacheloor Degrees, then I’d be a happy man.

  6. Pingback: Another Trojan from CNN Alerts: My Custom Alert Email

  7. Pingback: Top Posts « WordPress.com

  8. mickelodeon says:

    I started receiving these last week – and as I don’t ever watch CNN, I just junk ‘em.

  9. Sr Pablo says:

    The reason some smart people (like me) open these e-mails or in my case tried to edit my subscription to stop getting these alerts is because I am a CNN breaking news subscriber and I thought this was a new feature of my legit CNN service. I now have the blue screen of death whenever I try to boot up. My top-notch security software (Sana Security) missed this one. It’s behavioral based so I don’t understand how it got through. I guess I invited it by running the flash player update program myself. My tech guys are trying to see what we can do to get me up and running again. Does anyone know of any repair scripts or fixes for this nightmare?

  10. Pingback: talfryn.net » Blog Archive » Fake CNN

  11. Russ McNeil says:

    What to do? Well, after several years of these sorts of attacks – attacks that somehow sneak in under firewalls and the best anti-virus software that money can buy, I finally gave up the ghost – and installed UBUNTU Linux. Now I am surfing once again unprotected. It’s just like the old days on the web – circa 1995 – when we were innocent. The malware still arrives; I have been receiving CNN alerts too. But, it doesn’t matter. The UBUNTU operating system is alien to these viruses and any attempt this malware makes to install itself on an UBUNTU machine produces a beautiful stillborn viral fetus. I am sure there are hundreds of dead viruses on my machine but Linux users just yawn. We don’t use virus control, spyware control, or firewalls for that matter. Good luck with your continuing fight against the forces of darkness – better yet why not just ditch XP, Vista, and the rest of that Microsoft crap and install UBUNTU – it’s free, fast, and cool.

  12. Russ McNeil…

    I doubt a person who would be fooled into installing this malware would have enough computer knowledge to install a different OS than Windows.

    You may not need virus or spyware removal software since using Linux but hope you are using a firewall. I won’t just depend on your router to keep your box from being rooted.

  13. Fuck says:

    It is obvious that these “viruses” are created by the companies who sell the “anti-virus” tools… How long will this stupid game continue? :(

  14. wes says:

    Ok, if you are dumb enough to accept this, you probably deserve it.

    NEVER NEVER NEVER click on a link from an unknown sender, and if you do, NEVER NEVER NEVER NEVER (did I say that enough?) run an executable from a suspicious email such as this.

    So many problems like this can be avoided. Now I get this email all the time because someone else isn’t surfing responsibly.

  15. wes says:

    Ok, these are not created by the companies who create these tools or it is an advertisement for a product or company. There are plenty of idiots who think it is cute to do and don’t have anything but time to waste.

    They are often created by the organization that is shown in it. I am not blaming CNN but have you seen the video where they show where 3 or more cell phones are placed on a table, and it pops the kernels of popcorn when all of the phones are called. It’s another hoax, but it is an advertisement.
    As long as people believe their internet petitions and boycotts work, that their email is tracked and when they send it to 7 people, they will have a special surprise, or that the phone will ring after they forward their email, we will need these companies to write programs to fix their problems because they are so gullible!

    If they just watch Foxnews (www.foxnews.com), they will be informed with no left leaning.

  16. Fergus says:

    In answer to Wes, if they watch Fox news, they will definitely not get a left bias but rather an extreme-right one.

    I got that email alert as well and it has bugger all to do with CNN… Saying that is simply bewildering. I will not reply to your subsequent email since this is not the place for that type of discussion but, having seen both CNN and Fox News, I can tell you that I have far more respect for the former than I have for the latter and, by the way, I tend toward a moderate right when it comes to politics. I just despise idiocy and your comment was just that.

  17. Ryder says:

    Go to http://www.malwarebytes.com and download their freeware and run a scan (twice, once again after the re-start). It scrubs this spyware and all its extensions completely as far as I can tell.

  18. Wes Sims says:

    Hey guys,
    In terms of a removal tool for the virus, here’s the skinny/bad news. An office mate downloaded it to his computer and I spent the majority of today editing the registry, removing .dll files, etc and none of it worked. Basically, unless you have the most recent virus definitions (which you can’t download once infected), you’re probably not going to be able to quarantine or fix the file, and certainly not remove it.
    Basically, my advice is to save yourself the time and trouble. Perform a system restore to a date prior to 8/8/08 to get your computer back to normal. You may lose a few files from the weekend, but you’ll be able to download current virus definitions should you become infected again.
    Best of luck.

  19. Christine says:

    O.K. I got nailed. The Antivirus xp 2008 and Blue Screen Joke viruses infected my computer after I opened up the CNN email and tried to update the Flashplayer (I know, what was I thinking – apparently I wasn’t). Most of the files were removed by using Spyhunter, and some I had to do manually in the registry so that I could get my desktop background back to normal. The virus takes over the System Restore function. I still have not managed to get that back. Anybody have any ideas? McAfee totally messed up on this one. Only after being infected did it find the contaminating files.

  20. Christine says:

    http://www.removal-instructions.com/removeCNNcomDailyTop10.html. This list of files to be deleted may help. phcjkrj0etfg in many of the bad files is not exactly what I had, but j0e seems to be common within all of the files.
    Also check out: http://www.precisesecurity.com/blogs/2008/06/26/antivirus-xp-2008/
    See comment number 3 by Rudi, he gives very clear instructions on how to clean your registry values.

  21. MIke says:

    Use: http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008 to get rid of the Blue screen/antivirus XP 2008 crap

  22. Christine says:

    Mike-Thanks. Used a variety of spyware cleaners/removers. Each one found something a little bit different. Which is good. I think my computer is pretty clean. But, I still can’t get my SYSTEM RESTORE to work. It’s obviously a phony screen that won’t allow me to go back to a previous date. Any ideas?

  23. Pingback: CNN Trojan Variant - My Custom Alert | On-site Computer Solutions

  24. Pingback: CNN Alerts: My Custom Alert | Bill's Blog

  25. Danielle says:

    If I did not click on “Full Story” but did “‘click here’ to remove myself from future subscriptions,” could I have been infected by this virus? The “click here” link brought me to a blank CNN look-alike web site where I did NOT download or update anything. Any thoughts on what I should do besides run a sweep?

  26. Janet says:

    I got a CNN email yesterday. Opened it, got the virus, or whatever it is. I spent hours and downloaded several malware/spyware programs, which were all unsuccessful at first, and wasted a lot of my time.
    I finally downloaded Malwarebytes Antimalware, and it worked like a charm. Search them in Google. This program really worked, and you didn’t have to go into the registry yourself, etc. It was quite easy. Don’t waste time like I did – take my advice, use the Malwarebytes.

  27. Alex says:

    I found your site on technorati and read a few of your other posts. Keep up the good work. I just added your RSS feed to my Google News Reader. Looking forward to reading more from you down the road!

  28. Michelle says:

    Wonder if that’s what’s wrong with my computer. I did open one of CNN’s. I use Comodo Firewall & Comodo Antivirus. I’ll go into the Comodo forum & see what’s being said about it.

  29. Danielle says:

    Did anyone get the virus by simply opening the email, or do you have to actually download something from the website? I opened the mail, but was not prompted to update or download anything on my computer. (My PC always asks permission to proceed every time I download something, and no window came up asking me to do so). Any ideas how nervous I should be? Trend Micro AntiVirus did find a file today with a possible Trojan attached to it and I deleted it – I don’t know if that’s related. Will someone please let me know your opinion on how nervous I should be? How will I know if my PC IS infected?

  30. Pingback: Ask Jack : Gadgets

  31. RichardC says:

    Imagine it’s a night out, where opening emails = kissing a stranger. You wouldn’t have unprotected sex, would you? Be careful what you invite into your computer and use a digital condom, ferchrissake…

  32. @ Russ McVeal

    I absolutely agree…

    but perhaps you should not spread the word around too much because all these hackers and malware creators will be tempted to produce Linux based stuff if (and when) the Linux user base becomes critically large enough to lure them!!! ;) )

  33. @ Russ Mc Neil …(sorry for typo)

  34. Pingback: Zakhas.net - Light Fast Online Newspaper

  35. cj says:

    Is there a fix to this problem?

  36. “If only they could send me information about cheap imitation watches, free ViagraCialis and cheep Bacheloor Degrees, then I’d be a happy man.”

    Someone needs to bring the FBI to account the perpetrators behind the malicious intent?

    IC3 (Do your job, punks.)

  37. Charlee says:

    It got me……..I recently got access to a company account that I hadn’t been able to open before. I was cleaning it up and changing settings and subscriptions from the former employee who’d used it. It didn’t seem a stretch that she could have had a CNN subscription……..

  38. Shelley says:

    It got me too….I made the stupid mistake when I was tired one night of opening the CNN alerts knowing I didn’t subscribe to such alert. Well it cost me $100.00 thru DellConnect to get the computer back up and running. I have a Dell computer that is 3 years old…If you have a Dell computer I definitely recommend calling DellConnect…It’s expensive but worth it …..

  39. Doug says:

    Just a thought for the future. Make a disk image of your system at a point in time when you know that it is good (no viruses, malware, and when you have all of your programs installed). Do regular (ideally daily) backups of your data files and then if you are hit by one of these viruses just restore the disk image and your data.

    Check out http://ping.windowsdream.com/ for a free program to easily create and restore disk images.

  40. Brandy says:

    Purchase it for a lower price.
    Have you ever tried Search-and-destroy? If you answered no, then you should give it a try. Over the years I have used many different types of antispyware and this is one of the best that I have ever tried. I was surprised and delighted to find that I could purchase it for a lower price than I could buy Norton and other similar scans that produce the same results. That makes it even better. Antispyware solution from Search-and-destroy can find the same kinds of bugs as these more expensive programs and is easy to get. Just click here search-and-destroy and you can see how well it really works for yourself.

  41. George says:

    Michelle and Danielle, just opening the e-mail won’t do anything. Hackers haven’t figured out how to cause a problem by doing that yet. You either have to click on a link to a website or open an attachment to get a virus or malware. Personally I don’t even download e-mail to my computer. I go to the website and check my mail. I leave all e-mail on the company’s server. Don’t like Outlook or Thunderbird. If I want to save the contents of an e-mail like a picture or text to my computer I just save it. Never had a problem going to Yahoo’s website or AOL’s website to do this. My ISP (iowatelecom) is a different story though. They aren’t any good at blocking spam even if you pay the extra fee for it. So I don’t even use that e-mail address anymore.

  42. Kerri says:

    This may sound extremely amateurish, but does deleting browsing history, temporary internet files, cookies, passwords, phish etc. offer any protection? I lost my job due to lay-off after 25 years, and after posting resumes and cover letters on Monster, Resume Rabbit, Careerbuilder, and any free internet job board possible, I have been buried in work from home as a ‘financial admin asst’ and other such odious BS job offers. If I had to put a name to them, they all appear to be best described as clones of the Nigerian money scam. Some of them are an insult to a greenhorn’s intelligence, some look possibly legit, but all have dead giveaways. I have taken to lately responding via email that I know they are a scam, and a few words I cannot repeat here, ending with …you human filth. Is it dangerous to reply to their emails?

  43. Phantom Zero says:

    I’m currently working on how to erase it can anyone one link that fake web page to me my team will take a look into it please this is very important this virus could steal credit card information etc once it is set i will see if i can get a fix to it so far it uses random emails to different people so i found a lawyer and a highschool but so far no link at the moment etc please take a look and forward me that email to therealphantomzero@yahoo.com no guarantees but will take a look into it
