
CNN.com Daily Top 10

Posted: August 6, 2008

CNN.com Daily Top 10 is a spam email created by hackers and made to look as if it was sent by CNN.com International. The email's content is a list of links to the top ten stories of the day; however, none of the links lead to any website related to CNN. Instead, the links redirect you to a rogue website that displays a screen informing you that your Flash player has to be updated. To see the website's content, you are supposed to download the latest version of the Flash player.

If you decide to download the Flash player's latest version, you will actually be downloading the file get_flash_update.exe, which is in reality a Trojan downloader called Trojan-Downloader.Agent.EL. If the Trojan downloader is installed, it will open a loophole in your computer system through which additional malware and rogue anti-spyware programs (such as Antivirus XP 2008) will be installed.
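The mismatch this email relies on, links presented as CNN stories that lead to unrelated hosts and end in a download of get_flash_update.exe, can be checked mechanically in a mail filter. The following is an added example, not part of the original write-up; the sample body, the `.example`/`.invalid` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "cnn.com"                 # sender the email claims to be
LURE_FILE = "get_flash_update.exe"       # file name reported on this page


class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A plain substring test would accept 'cnn.com.something.invalid'.
    """
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def review_links(html_body, brand=BRAND_DOMAIN):
    """Return [(href, [reasons])] for links that do not fit the claimed sender."""
    collector = HrefCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        path = parts.path.lower()
        reasons = []
        if not host_belongs_to(parts.hostname, brand):
            reasons.append("off-brand host")
        if path.endswith(".exe"):
            reasons.append("direct executable download")
        if path.rsplit("/", 1)[-1] == LURE_FILE:
            reasons.append("known lure file name")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: one genuine-looking link for contrast, two that are not.
SAMPLE = """<html><body><h3>CNN.com Daily Top 10</h3><ol>
<li><a href="http://www.cnn.com/world/story1.html">Story one</a></li>
<li><a href="http://news-video.example/top10/story2.html">Story two</a></li>
<li><a href="http://cnn.com.player-update.invalid/get_flash_update.exe">Story three</a></li>
</ol></body></html>"""
```
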

CNN.com Daily Top 10 may hijack your desktop background, displaying a warning message stating that your computer is infected with spyware. Moreover, your screensaver is most likely to change to SysInternals BlueScreen Screen Saver, which will later cause your operating system to crash and show a blue screen of death. Possible blue screen of death messages are:

"NO_MORE_IRP_STACK_LOCATIONS
PAGE_FAULT_IN_NONPAGED_AREA
SYSINTERNALS_GREAT_SITE
MAXIMUM_WAIT_OBJECTS_EXCEEDED
BOGUS_DRIVER
BAD_POOL_HEADER
IRQL_NOT_LESS_OR_EQUAL
KMODE_EXCEPTION_NOT_HANDLED
UNEXPECTED_KERNEL_MODE_TRAP
PANIC_STACK_SWITCH"

Furthermore, CNN.com Daily Top 10 may modify your Windows Registry. CNN.com Daily Top 10's fraudulent activities may cause a flood of popups and fake system alert messages.

File System Modifications

  • The following files were created in the system:

Registry Modifications

  • The following newly produced Registry Values are: