What would you do with an email message that had 'CNN.com Daily Top 10' in its title? You would probably open it and treat it as a trusted email, right? Not so fast! Spammers are using this title to redirect computer users to a site that may spread malicious files onto your computer.
This message appears to come from a randomly generated user email address, not the typical CNN.com address. The spam or malspam email comes from the email address Harjinderfirstname.lastname@example.org. The email address alone should raise a red flag, but with a catchy title like "CNN.com Daily Top 10", many computer users may overlook the domain that it comes from. CNN would never use an unprofessional email address such as the one listed above. Obviously they would use a CNN.com domain or a variation of CNN.com.
The website that you may be redirected to from this malicious email looks like it attempts to load a Flash video. It stops you dead in your tracks, only to display a notification that you have an incorrect version of the Flash player, through a message that says "Video ActiveX Object Error. Your browser cannot play this video file." If the error is clicked on, it prompts you to download and install a new version of Flash. This is where it gets exciting. The so-called 'Flash download' is a malicious Trojan downloader called Trojan-Downloader.Agent.EL. The file appears to be a harmless executable, get_flash_update.exe, until it is accessed.
The Trojan-Downloader.Agent.EL infection has the ability to install other malware onto an infected machine, such as the rogue anti-spyware program Antivirus XP 2008. It may go on to create an executable file at %System%\cbevtsvc.exe while creating a new service, CbEvtSvc. The registry of the infected system is also modified, and a direct IP address connection is made to a report host via TCP/IP on port number 443. The MD5 hash for this specific infection is "dabb5a9b431c88c77281bcf1158a9879".
A Trick to Avoid 'CNN.com Daily Top 10' Message for Outlook Users
Some email messages in Outlook and other web-based mail clients initially show up as a series of broken images, as the 'CNN.com Daily Top 10' message does. Many times you will choose to load the images, which enables the website link behind each image. In other words, once the images are loaded, clicking on one automatically redirects you to the designated site. If you choose to bypass or disable image loading, the web links will not be active. In this case the 'CNN.com Daily Top 10' message would not be very effective in spreading malware because the embedded image link is not followed.
Recommended Outlook Rule
We know that Outlook cannot block every spam message or send every bogus message to your junk mail folder, so we suggest manually creating an Outlook rule to help catch messages like the 'CNN.com Daily Top 10'. You can simply create an Outlook rule that looks for the specific text in the sender's name and moves any message containing it to your junk email folder.
To create an Outlook rule, open the 'Rules and Alerts' option within Outlook and add the text to match, so that emails meeting your criteria are sent to the junk email folder. The image below is an example of this rule being created.
Figure 1. Outlook 2007 recommended rule
Because the current 'CNN.com Daily Top 10' bogus message has been effective in creating havoc across the Internet, we expect other variations of this message to strike again. Creating an Outlook rule may only go so far in protecting you, but it is one step in the right direction to help keep you safe from malicious messages. There is no guarantee that an Outlook rule will block all future emails that are variations of the 'CNN.com Daily Top 10' spam email. Also, you may end up blocking legitimate emails from CNN.com in some instances.
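A text-only rule is what causes the false positives on genuine CNN mail mentioned above; checking the sender's domain as well avoids them. The following Python is an added example, not part of the original article, and the trusted-domain list and sample messages in it are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

LURE_TEXT = "cnn.com daily top 10"   # text the Outlook rule above matches on
TRUSTED_DOMAINS = ("cnn.com",)       # assumption: domains accepted as genuine CNN senders


def sender_domain(msg):
    """Lower-cased domain of the From address, or '' if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_trusted(domain):
    """True for a trusted domain or its subdomains, False for look-alikes."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(raw_message):
    """Return 'junk' when the lure text appears but the sender is not CNN."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    if LURE_TEXT in claimed and not is_trusted(sender_domain(msg)):
        return "junk"
    return "inbox"


# Constructed sample messages (not real captures).
SAMPLES = {
    "spoofed": 'From: "CNN.com Daily Top 10" <someone@example.org>\n'
               "Subject: CNN.com Daily Top 10\n\nbody",
    "lookalike": 'From: "CNN.com Daily Top 10" <news@cnn.com.example.net>\n'
                 "Subject: Today's stories\n\nbody",
    "genuine": 'From: "CNN.com Daily Top 10" <newsletter@mail.cnn.com>\n'
               "Subject: CNN.com Daily Top 10\n\nbody",
    "unrelated": 'From: "Alice" <alice@example.org>\nSubject: Lunch?\n\nbody',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```

The From header is not authenticated, so this only catches the variant described here, where the sending address has nothing to do with CNN.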
Please Note: CNN is not a part of or affiliated with this particular threat nor does CNN operate the website in question. The malicious messages are being sent from random email accounts from infected computers. It is advisable that you keep this infection in mind if you encounter CNN emails.