Spam Alert: 'CNN.com Daily Top 10' Email Contains Malware

Posted: August 6, 2008

What would you do with an email message that had 'CNN.com Daily Top 10' in its title? You would probably open it and treat it as a trusted email, right? Not so fast! Spammers are using this title to redirect computer users to a site that may spread malicious files onto your computer.

This message appears to be sent from a randomly generated user email address, not the typical CNN.com address. The spam or malspam email comes from the email address Harjinder-lkpn@321facets.com. The email address alone should raise a red flag, but with a catchy title like "CNN.com Daily Top 10", many computer users may overlook the domain that it comes from. CNN would never use an unprofessional email address such as the one listed above. Obviously they would use a CNN.com domain or a variation of CNN.com.

The website that you may be redirected to from this malicious email looks like it attempts to load a Flash video. It stops you dead in your tracks, only to display a notification that you have an incorrect version of the Flash player through a message that says "Video ActiveX Object Error. Your browser cannot play this video file." If clicked, the error prompts you to download and install a new version of Flash. This is where it gets exciting. The so-called 'flash download' is a malicious Trojan downloader called Trojan-Downloader.Agent.EL. The file appears to be a harmless get_flash_update.exe executable until it is accessed.

Trojan-Downloader.Agent.EL Details

The Trojan-Downloader.Agent.EL infection can install other malware onto an infected machine, such as the rogue anti-spyware program Antivirus XP 2008. It may go on to create an executable file at %System%\cbevtsvc.exe while creating a new service, CbEvtSvc. The registry of the infected system is also modified, and a direct IP address connection is made to a report host via TCP/IP on port number 443. The MD5 for this specific infection is "dabb5a9b431c88c77281bcf1158a9879".
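To check a machine or a mounted disk image for the file indicators listed above, the following added example (not code from the original article) walks a directory tree and reports files that match the article's file names or MD5. It assumes %System% corresponds to the System32 folder under the Windows directory; the function names are illustrative.

```python
import hashlib
import os

# Indicators taken from the article text.
KNOWN_MD5 = {"dabb5a9b431c88c77281bcf1158a9879"}
KNOWN_NAMES = {"cbevtsvc.exe", "get_flash_update.exe"}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(root):
    """Return sorted (path, reason) pairs for files matching an indicator."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            # Windows file names are case-insensitive, so compare in lower case.
            if name.lower() in KNOWN_NAMES:
                findings.append((path, "filename"))
            try:
                if md5_of(path) in KNOWN_MD5:
                    findings.append((path, "md5"))
            except OSError:
                # Locked or permission-denied files cannot be hashed; a
                # matching name was already recorded above.
                continue
    return sorted(findings)

if __name__ == "__main__":
    # Assumption: %System% is System32 under the Windows directory.
    windows_dir = os.environ.get("SystemRoot", r"C:\Windows")
    for path, reason in scan(os.path.join(windows_dir, "System32")):
        print(reason, path)
```

The MD5 identifies only the specific sample the article describes, so an empty result does not show that a machine is clean.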

A Trick to Avoid 'CNN.com Daily Top 10' Message for Outlook Users

Some email messages in Outlook and other web-based mail clients initially show up as a series of broken images, as is the case with the 'CNN.com Daily Top 10' message. Many times you will choose to load the images, which enables the website link that is followed when you click on the image. In other words, it will redirect you to the designated site automatically once an image is clicked on. If you choose to bypass or disable image loading, then it will prevent the web links from being active. In this case the 'CNN.com Daily Top 10' message would not be very effective in spreading malware because the embedded image link is not followed.

Recommended Outlook Rule

We know that Outlook cannot block every spam message or send bogus messages to your junk mail folder every time, so we suggest manually creating an Outlook rule to help catch messages like the 'CNN.com Daily Top 10'. You can simply create an Outlook rule to look for the specific text in the sender's name and move the message containing it to your junk email folder.

To create an Outlook Rule, you must access the 'Rules and Alerts' option within Outlook and add the proper text needed so that it may send emails that meet your criteria to the junk email folder. The image below is an example of this rule being created.

Figure 1. Outlook 2007 recommended rule

Because the current 'CNN.com Daily Top 10' bogus message has been effective in creating havoc over the Internet, we look for other variations of this message to strike again. Creating an Outlook Rule may only go so far in protecting you, but it is one step in the right direction to help keep you safe from malicious messages. There is no guarantee that an Outlook rule will block all future emails that are variations of the 'CNN.com Daily Top 10' spam email. Also, you may end up blocking legitimate emails from CNN.com in some instances.
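The rule above matches on the sender's name only, which is why it can also catch genuine CNN mail. As an added example (not part of the original article), the following filter combines it with the sender-domain check described earlier: a message is flagged only when it claims to be CNN while its sender address or its links sit outside cnn.com. The sample message and the link host in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_TEXT = "cnn"        # text the lure puts in the subject and sender name
BRAND_DOMAIN = "cnn.com"  # domain a genuine CNN mailing would be sent from

# Constructed sample; the link host is a placeholder, not from the article.
SAMPLE = """\
From: "CNN.com Daily Top 10" <Harjinder-lkpn@321facets.com>
Subject: CNN.com Daily Top 10
Content-Type: text/html; charset="utf-8"

<a href="http://video.example.invalid/watch"><img src="top10.gif"></a>
"""

def in_brand_domain(host):
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

class LinkHosts(HTMLParser):  # collects the host of every <a href>
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed URL, e.g. an unclosed "["
            host = None
        if tag == "a" and host:
            self.hosts.add(host.lower())

def assess(raw):  # reasons a message that claims the brand looks forged
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND_TEXT not in (display + " " + msg.get("Subject", "")).lower():
        return []  # does not claim to be CNN; out of scope for this rule
    reasons = []
    domain = addr.rpartition("@")[2].lower()
    if not in_brand_domain(domain):
        reasons.append("sender domain is " + (domain or "missing"))
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            links.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for host in sorted(h for h in links.hosts if not in_brand_domain(h)):
        reasons.append("link leads to " + host)
    return reasons
```

A From header can itself be forged to show a cnn.com address, so this check complements SPF, DKIM and DMARC verification at the mail gateway and does not replace it.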

Please Note: CNN is not a part of or affiliated with this particular threat nor does CNN operate the website in question. The malicious messages are being sent from random email accounts from infected computers. It is advisable that you keep this infection in mind if you encounter CNN emails.

15 Comments

  • Joe Rych says:

    I have tried several times to create rules in Outlook just as you suggested - I still continue to get many emails from CNN - any other suggestions

    thanks

  • Andrea Kollars says:

    My computer has been running terribly. My email has been freezing up. I've been clicking on CNN, since I subscribe to it & was wondering why I was getting the "flash player needs to be installed" or whatever, when I wasn't clicking onto a video. I couldn't close it out, 'til I agreed to install the flash player & Windows popped up a virus warning. I was getting several CNN top 10, also, which wasn't normal. I realized, today, that the ISP was NOT CNN's. Today, I checked around & found this site. Thank you for the info. Is there any way to get rid of this virus or whatever it is? Thanks. Annie

  • twcm says:

    There's also one called "CNN Alerts: My Custom Alert" from "CNN Alerts"

  • Jon B says:

    Thanks I've been bombarded with these emails over the last few days so hopefully the outlook rule I've set up will help.

  • Logician says:

    For the last month or so, I have received many of these CNN spam messages. I have tried to find their ISPs concerned, so to send reports and identification of culprits, to no avail. If you can do better at hanging these scum, I submit these email addresses and IP addresses. Good luck. The web is far too important and valuable to let pour down the sewer.

    Good luck.

  • Adrian says:

    I have taken the Outlook resource a stage further. In the create rules section, I have listed the CNN details as you show, and have then directed Outlook to "permanently delete". Hey presto, I don't even see the damn things any more.

  • Bert says:

    Hi there.

    You guys sure scare me though. I use AVG for Virus protection and Search & Destroy for other nasty bits.
    My question is. Is this enough? I don't use my credit card on line nor any shopping. Just a few e-mails, like NASA.

    Thanks for warning me.

    Regards Bert.

  • Clare says:

    Thanks Adrian, have followed suit... what a relief it will be not to see these emails a hundred times a day!

  • Robin says:

    How do we get rid of this if our computers/network is infected? One of our employees actually clicked to download and now it seems we all have it. Our email gets shut down every day by Spamcop. HELP! We used antivirus software and some specifically malware removal software from bleepingcomputer. But it said it found nothing.

    Does anyone know how to get rid of this?

  • Robin says:

    This malware is now coming in as an alert from MSNBC.

  • Logician says:

    As stated above, I have received 21 of the CNN emails, all passed by AVG as free of viruses. Today, I received my second MSNBC email. Both were passed by AVG. But both were considered possible email scams by Thunderbird, a slight improvement. My AVG is upgraded each morning on start-up. Can anyone suggest a safer free anti-virus package? After all, the CNN scam is over a month in operation ... how long does it take for an anti-virus company to catch up to the rogues?

  • Logician says:

    Robin, you ask how to get rid of the CNN malware Trojan infection ... A method worth considering is described here: http://www.411-spyware.com/fake-cnn-alerts-my-custom-alert-email Good luck.

  • Logician says:

    Robin,
    It's getting worse ... today I received one of the Greeting Card trojan malware emails. When will it end? My AVG allowed it in, claiming no viruses present. Does this mean that the rats are winning?

  • HB65 says:

    Oldie, but a goodie.

  • anthony says:

    Hacked again? sick of finding malware sites surfing the net.