CNN Daily Top 10 leads users to site hosting malware

Following the links in the CNN.com Daily Top 10 email could lead you to sites that host malware. MX Lab detected and intercepted the first messages at around 7:48 PM local Belgian time and is monitoring an outbreak of this type.

Malware authors are abusing CNN by using the logo, the layout and the concept of the CNN Daily Top 10 to distribute emails with URLs that point to sites that host malware.

The message itself is sent from a randomly generated user email address that is not on the cnn.com domain. The links behind the top 10 direct you to a web site that should show you the video but instead gives you an error saying that an incorrect Flash player is installed.

A pop-up window will ask you to download the correct video codec, an executable called get_flash_update.exe, but this is in fact the Trojan-Downloader.Agent.EL. This trojan can download and install other malware onto the infected machine.

The trojan creates a new process on the infected machine, %System%\cbevtsvc.exe, and registers a new service, CbEvtSvc, in the system. It also makes a number of registry modifications and opens a connection directly to the IP address of a remote host on TCP/IP port 443.

Virus Total permalink and MD5: dabb5a9b431c88c77281bcf1158a9879.
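A file-system sweep for the indicators named in this post, as an added example that is not MX Lab's code: it walks a directory tree (a live system folder or a mounted disk image) looking for the two file names and the MD5 given above. The function names and the rule that a name-only match is reported for review are assumptions of this sketch.

```python
import hashlib
import os

# Indicators taken from the post above.
IOC_MD5 = {"dabb5a9b431c88c77281bcf1158a9879"}
IOC_NAMES = {"get_flash_update.exe", "cbevtsvc.exe"}  # compared case-insensitively


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, md5s=IOC_MD5, names=IOC_NAMES):
    """Walk root and return (path, reasons) for every file matching an indicator.

    A hash match is strong evidence; a name match alone only marks the file
    for review, because the dropped copy may differ from the posted sample.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() in names:
                reasons.append("name")
            try:
                if md5_of(path) in md5s:
                    reasons.append("md5")
            except OSError:
                reasons.append("unreadable")  # locked or permission-denied file
            # Report indicator hits; an unreadable file with no hit is skipped.
            if reasons and reasons != ["unreadable"]:
                findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    import sys
    for path, reasons in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(",".join(reasons), path)
```

The service name CbEvtSvc and the outbound connection on port 443 are not covered here; they need a check on the running system rather than on files.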

Remark: CNN is not responsible for the CNN Daily Top 10 that contained URLs to sites that host malware in the form of a downloadable Flash codec.
