The holidays are just around the corner, so nobody would be amazed to see a rise in spam bearing fake promotions and genuine malware.
One of the worms already making the rounds on the web is W32/Xirtem@MM, a mass-mailing worm that also spreads through removable media using autorun.inf and by copying itself to the shared folders of peer-to-peer applications.
Upon execution, the worm displays the above picture to trick users into believing that it is a harmless image file.
The recent attempts to fool users into installing the malware make use of bogus McDonald's and Coca-Cola Christmas promotions. To make the email look genuine, it includes images borrowed from the official sites of the aforementioned companies. If the user is naïve enough, he will open the .zip attachment and get a nasty holiday surprise.
According to McAfee, the worm has a built-in SMTP engine that mass-mails copies of itself to email addresses harvested from an infected machine.
If infected, the user can expect the following:
- restart/shut down the computer
- start/stop services
- start/stop keylogger
- download/upload files
- create/terminate/list processes
- perform port scanning
- modify the hosts file
- spread itself by instant messenger
- gather passwords saved by Firefox and Internet Explorer
- gather account information of instant messengers (MSN, Yahoo, Miranda, AIM)
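
Since the worm spreads through removable media using autorun.inf, a quick triage step is to read that file on a suspect drive and list the entries that would launch a program. The following is an added example, not code from the original article or from McAfee; the function names, the extension list and the sample file contents (including `holiday_photo.exe`) are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Extensions Windows will execute directly (illustrative, not exhaustive).
EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|vbs|js|lnk)\b", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments, often used as padding
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections, or lines that are not key=value
        key, _, value = line.partition("=")
        if LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious(text):
    """Launch entries whose command names a directly executable file."""
    return [(k, v) for k, v in launch_entries(text) if EXEC_EXT.search(v)]

# Constructed sample; not taken from a real Xirtem infection.
SAMPLE = """\
;kJ3hd8 padding
[AutoRun]
icon=%SystemRoot%\\system32\\shell32.dll,4
OPEN = holiday_photo.exe
shell\\explore\\Command=holiday_photo.exe /e
label=USB DISK
[Content]
MusicFiles=true
"""

if __name__ == "__main__":
    for key, cmd in suspicious(SAMPLE):
        print(f"{key}: {cmd}")
```
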