Beware of CNN Alerts E-Mail with ‘adobe_flash.exe’

TOKYO (MacHouse) - More than 12 hours ago, an organized cyber-criminal group circulated a spam e-mail message with the subject line CNN Alerts: My Custom Alert. (See Screenshot 01.) The sender’s name is shown as CNN Alerts, but the e-mail address is Jochen-nerelekk@asbinfo.de. A quick look at the message shows:
Plane carrying US Olympians under terrorist attack
Sat, 9 Aug 2008 08:27:01 -0700
FULL STORY
Another message with the same intention reads:
Bus killer beheads kid
Sat, 9 Aug 2008 18:57:11 -0700
FULL STORY (See Screenshot 02.)
The underlying URL for the first message is http://tkanie-uzory.ru/cnncurrent.html; for the second, it’s http://apartbru.be/cnncurrent.html. If you have received either message or anything similar, don’t click on the link. Just trash it.
Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: tkanie-uzory.ru
In both cases the link leads directly to the URL shown, with no redirection. The websites are hosted in Russia and France (not Belgium, despite the .be domain), respectively. For both, the web page title is Breaking News Videos from CNN.com. (See Screenshot 03.) If you access either URL, you are shown an error dialogue that reads Video ActiveX Ojbect Error, and you cannot close it except by pressing its Okay button. Pressing it forces a download of a file named adobe_flash.exe. (See Screenshot 04.)
Screenshot 04 - Source: tkanie-uzory.ru
Screenshot 05 - Source: MacHouse
Screenshot 06 - Source: Sophos security analysis
So what is this file? It is not what its name implies. We used Sophos Anti-Virus to analyze it, and Sophos Anti-Virus reports that the file contains Mal/EncPk-DA. (See Screenshot 05.) That is a Trojan horse variant believed to exhibit ‘malicious behavior,’ according to the Sophos security analysis. (See Screenshot 06.)
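As an added example (not part of the original MacHouse post), a small Python triage script that applies the indicators described above to a raw e-mail: a display name claiming CNN over a sender domain that is not cnn.com, and links whose path ends in cnncurrent.html or adobe_flash.exe. The sample message is constructed from the first lure described in the post; treating cnn.com as the brand’s legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators from the post: display name "CNN Alerts" over an unrelated sender
# domain, links to .../cnncurrent.html, and a pushed download adobe_flash.exe.
BRAND = "cnn"
BRAND_DOMAIN = "cnn.com"  # assumed legitimate domain for the impersonated brand
LURE_SUFFIXES = ("cnncurrent.html", "adobe_flash.exe")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _under(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def _body_text(msg):  # decoded text/* parts; walk() yields msg itself if not multipart
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def analyze(raw_message):
    """Return {'suspicious': bool, 'reasons': [...]} for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    claims_brand = BRAND in display_name.lower()
    reasons = []
    if claims_brand and not _under(sender_domain, BRAND_DOMAIN):
        reasons.append(f"display name '{display_name}' but sender domain '{sender_domain}'")
    for url in URL_RE.findall(_body_text(msg)):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(LURE_SUFFIXES):
            reasons.append(f"link {url} matches a known lure path")
        elif claims_brand and not _under(host, BRAND_DOMAIN):
            reasons.append(f"link host '{host}' is not under {BRAND_DOMAIN}")
    return {"suspicious": bool(reasons), "reasons": reasons}

# Constructed sample reproducing the first message described in the post.
SAMPLE_SPAM = """\
From: CNN Alerts <Jochen-nerelekk@asbinfo.de>
Subject: CNN Alerts: My Custom Alert
Content-Type: text/plain; charset=us-ascii

Plane carrying US Olympians under terrorist attack
FULL STORY http://tkanie-uzory.ru/cnncurrent.html
"""
```

Running `analyze(SAMPLE_SPAM)` flags both the sender-domain mismatch and the lure URL; a message from a cnn.com address linking only to cnn.com pages returns no reasons.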
References:
Sophos security analysis: Mal/EncPk-DA Malicious behavior