You are currently browsing the Tech Talk with Homerun Networks weblog archives for the day 8. August 2008.
Archive for 8. August 2008

Black Hat kicks the French to the curb

What happens when you work for a French security magazine, attend the Black Hat security conference and start sniffing the network? You get thrown out. Even though they claim the mishap was a joke, Black Hat had nothing to do with it. The three men thrown out were Dominique Jouniot, Mauro Israel and Marc Brami. The men work for Global Security Mag, which was a media sponsor of the event held in Las Vegas.

Comment - “It was a big mistake,” Brami said via telephone. “(Israel) said it was a joke and that he didn’t think it was important.” - You attend a security event, start sniffing the network to steal passwords, and you seriously thought it was not important. Really? Really?!?

The full story can be found at cnet.com.

posted by: Myke Reinhold

Fake CNN news items malware campaign spreading rapidly

So, I’m not sure if any of you have run into this (if I were a betting man I’d say yes), but the latest round of malware distribution is taking the net by storm in the form of fake CNN news items. You may notice items in your inbox with one of the following subject lines:

“CNN.com Daily Top 10” & “CNN Alerts: My Custom Alert”

While opening the mail doesn’t actually do anything to your system, following the links can set you up for disaster. Once clicked, the link takes you to a fake cnn.com page that prompts you to install a “viewer”, typically named flashupdate.exe, get_flash_update.exe or watchmovie.mpg.exe. Once installed, it leaves your system open to a variety of issues.

Be on the lookout, people. As usual, don’t install things you don’t know about, don’t install stuff you think you’ve already installed, and if you’re in any way confused, click cancel and email or call your IT support.

Also something to be aware of: there has been a rash of similar installation prompts on social networking sites such as myspace.com and facebook.com. The same rules as above apply. Be smart, be safe!

 post mirrored on: travis.sarbin.net

Edit to post by Myke Reinhold:

This message arrives as if it was sent from a randomly generated user email address, not the typical CNN.com address. The spam (or malspam) email comes from the address Harjinder-lkpn@321facets.com. The email address alone should raise a red flag, but with a catchy title like “CNN.com Daily Top 10”, many computer users may overlook the domain it comes from. CNN would never use an unprofessional email address such as the one listed above; obviously they would use a CNN.com domain or a variation of CNN.com.

[Image: cnn1.gif]

The website that you may be redirected to from this malicious email looks like it is attempting to load a Flash video. It stops you dead in your tracks and displays a notification that you have an incorrect version of the Flash player, with the message “Video ActiveX Object Error. Your browser cannot play this video file.” Clicking the error prompts you to download and install a new version of Flash. This is where it gets exciting: the so-called “Flash download” is a malicious Trojan downloader detected as Trojan-Downloader.Agent.EL. The file arrives as a seemingly harmless executable named get_flash_update.exe and does nothing until it is run.

[Image: cnn2.gif]

Trojan-Downloader.Agent.EL Details
The Trojan-Downloader.Agent.EL infection has the ability to install other malware onto an infected machine, such as the rogue anti-spyware program Antivirus XP 2008. It may also create the executable %System%\cbevtsvc.exe and register a new service named CbEvtSvc. The registry of the infected system is modified as well, and a direct connection to a reporting host is made over TCP port 443. The MD5 for this specific infection is “dabb5a9b431c88c77281bcf1158a9879”.
A Trick to Avoid the “CNN.com Daily Top 10” Message for Outlook Users
In Outlook and other web-based mail clients, some messages initially show up as a series of broken images, as in the “CNN.com Daily Top 10” message. Many times you will choose to load the images, which enables the website link behind each image when you click on it. In other words, once an image is clicked, you are redirected to the designated site automatically. If you choose to bypass or disable image loading, the web links are never made active. In that case the “CNN.com Daily Top 10” message is not very effective at spreading malware, because the embedded image link is never followed.

Recommended Outlook Rule
We know that Outlook cannot block every spam message or send every bogus message to your junk mail folder, so we suggest manually creating an Outlook rule to help catch messages like the “CNN.com Daily Top 10”. You can simply create an Outlook rule that looks for specific text in the sender’s name and moves any message containing it to your junk email folder. To create an Outlook rule, open the “Rules and Alerts” option within Outlook and add the text needed so that emails meeting your criteria are sent to the junk email folder. The image below is an example of this rule being created.
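As an added example (not code from this post or from Homerun Networks), here is a small Python filter that applies the same checks the rule above describes: a CNN-themed subject arriving from a sender outside cnn.com, plus any link pointing at the executable “viewer” names listed earlier in the post. The sample message is constructed for the example; its sender address is the one quoted in the post and the link host is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators taken from the post: the two subject lines, the expectation that a
# real CNN mailing comes from a cnn.com address, and the executable lure names.
SUSPECT_SUBJECTS = ("CNN.com Daily Top 10", "CNN Alerts: My Custom Alert")
LEGIT_SENDER_DOMAIN = "cnn.com"
LURE_FILENAMES = ("flashupdate.exe", "get_flash_update.exe", "watchmovie.mpg.exe")

def sender_domain(msg):
    """Lower-cased domain of the From address ('' if the header is unusable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def is_legit_domain(domain):
    # Exact match or a subdomain; a plain endswith() would accept "notcnn.com".
    return domain == LEGIT_SENDER_DOMAIN or domain.endswith("." + LEGIT_SENDER_DOMAIN)

def extract_links(msg):
    """href targets from every text part (the lure is an image wrapped in a link)."""
    links = []
    for part in msg.walk():
        if part.get_content_type().startswith("text/"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            links += re.findall(r'href=["\']([^"\']+)["\']', body, re.I)
    return links

def classify(raw):
    """Reasons the mail matches the campaign; an empty list means it looks clean."""
    msg = message_from_string(raw)
    reasons = []
    subject = msg.get("Subject", "").lower()
    if any(s.lower() in subject for s in SUSPECT_SUBJECTS) and not is_legit_domain(sender_domain(msg)):
        reasons.append("CNN-themed subject from non-cnn.com sender")
    for url in extract_links(msg):
        name = url.split("?")[0].rsplit("/", 1)[-1].lower()
        if name in LURE_FILENAMES or name.endswith(".exe"):
            reasons.append("link to executable lure: " + name)
    return reasons

# Constructed sample message: sender address as quoted in the post, placeholder link host.
MALSPAM = """From: CNN Alerts <Harjinder-lkpn@321facets.com>
Subject: CNN.com Daily Top 10
Content-Type: text/html

<a href="http://example.invalid/get_flash_update.exe"><img src="top10.gif"></a>
"""
```

Calling classify(MALSPAM) returns both reasons, while the same subject from an address under cnn.com with an ordinary link returns an empty list.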

[Image: cnn3.gif, Outlook 2007 recommended rule]
Because the current “CNN.com Daily Top 10” bogus message has been effective in creating havoc over the Internet, we expect other variations of this message to strike again. Creating an Outlook rule may only go so far in protecting you, but it is one step in the right direction to help keep you safe from malicious messages. There is no guarantee that an Outlook rule will block all future emails that are variations of the “CNN.com Daily Top 10” spam email. Also, you may end up blocking legitimate emails from CNN.com in some instances.
Please Note: CNN is not a part of or affiliated with this particular threat, nor does CNN operate the website in question. The malicious messages are being sent from random email accounts on infected computers. It is advisable that you keep this infection in mind if you encounter CNN emails.
