CCTV in China is becoming victim of new tricks

Websense Security Labs™ has detected hacking activity targeting CCTV (China Central Television). The hackers utilize CCTV's popularity to distribute malware on the Internet. The malware installs rogue software on the user's computer that hijack browser allowing advertisements, affiliation  traffic, and also pushes up websites' reputation via redirection. We also have detected before such low profile search engine site was pushed up to Alexa rank of almost 9000 via adware visits and hosts malicious injections on its site. Websense customers have been protected against this attack with ACE.

First, the hackers create an imitation CCTV site that has a name that is close to CCTV.COM (e.g. CCTVxxx.COM). On the site they provide a download of the CCTV Box software. Actually, it is just a malware hackers want users to download. CCTV Box is very popular Internet TV software developed by CCTV. With Box, users can easily watch CCTV programs on the Internet. 

Here is an example imitation site:

The malware download has a detection of 6/43 on VirusTotal:

When users run the file on their computer, it automatically installs two executable files:

C:\Program Files\Internet Explorer\update.exe  -- Visual Basic Application
C:\Program Files\imetool\imetool.exe  - UPX packed

Without the user's knowledge, the executables install a set of tool and desktop shortcuts on the computer.

Users are fooled to use the desktop IE shortcuts to launch the web browser, where the front page was modified to go to low profile search engine site as screenshot below , also the desktop taobao.com shortcuts, the most popular online shopping site in China with hidden referral details.

Taobao site redirect:

Search engine site redirect: