MSNBC.com - Breaking News
MSNBC.com - Breaking News, similar to CNN.com Daily Top 10 and CNN Alerts: My Custom Alert, is a spam email created by hackers and designed to look as if it was sent by MSNBC.com. The 'MSNBC.com - Breaking News' email poses as a news notification that says:
"BREAKING NEWS: Millions of credit card numbers stolen from bank database, find out if you are affected
Find out more at http://breakingnews.msnbc.com.."
If you click the hyperlink breakingnews.msnbc.com, you will not be taken to msnbc.com. Instead, you will be redirected to a rogue website, where a screen appears informing you that your Flash player has to be updated.
If you decide to download the Flash player's "latest version", you will actually be downloading a file named abobe_flash.exe, which is, in reality, a Trojan Downloader. If the Trojan Downloader is installed, it will open a loophole in your computer system through which additional malware and rogue anti-spyware programs (such as Antivirus XP 2008) will be installed.
Beware of emails that have the following subjects:
- msnbc.com - BREAKING NEWS: Millions of credic card numbers stolen from bank database, find out if you are affected
- msnbc.com - BREAKING NEWS: Time Warner sells AOL
- msnbc.com - BREAKING NEWS: Americans loves to sue people
- msnbc.com - BREAKING NEWS: How to save money on gas
Clicking the links in the "MSNBC.com - Breaking News" email and downloading the files associated with it may lead to a Trojan Downloader infecting your machine. The infection may modify your Windows Registry, cause the "Blue Screen of Death" screensaver to appear, and display a flood of popups and fake system alert messages.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created:
Andrea Ramirez, Ms. Encina, Ms. Holt, C. George and all the other employees have committed fraud. I hope everyone who has been scammed, defrauded or taken advantage of contacts the FBI and provides information, phone numbers, names ..... anything and everything possible.