Holiday E-Card Worm Returns As McDonalds E-Card
The holidays are just around the corner, so nobody would be amazed to see a rise in spam bearing fake promotions and genuine malware.
December 5, 2008
Upon execution, the worm displays a picture to trick users into believing that it is a harmless image file.
The recent attempts to fool users into installing the malware make use of bogus McDonalds and Coca-Cola Christmas promotions. To make the email look genuine, it includes images borrowed from the official sites of the aforementioned companies. If the user is naïve enough, he will open the .zip attachment and get a nasty holiday surprise.
According to McAfee, the worm has a built-in SMTP engine that mass-mails copies of itself to email addresses harvested from an infected machine.
If infected, the user can expect the worm to be able to do the following:
- restart/shutdown computer
- start/stop services
- start/stop keylogger
- download/upload files
- create/terminate/list processes
- perform port scanning
- modify the hosts file
- spread itself by instant messenger
- gather passwords saved by Firefox and Internet Explorer
- gather account information from instant messengers (MSN, Yahoo, Miranda, AIM)