Upon execution, the worm displays the above picture to trick users into believing that it is a harmless image file.
The recent attempts to fool users into installing the malware make use of bogus McDonald's and Coca-Cola Christmas promotions. To make the email look genuine, it includes images borrowed from the official sites of the aforementioned companies. If the user is naïve enough, he will open the .zip attachment and get a nasty holiday surprise.
According to McAfee, the worm has a built-in SMTP engine that mass-mails copies of itself to email addresses harvested from an infected machine.
If infected, the user can expect the following:
– restart/shutdown computer
– start/stop services
– start/stop keylogger
– download/upload files
– create/terminate/list processes
– perform port scanning
– modify the hosts file
– spread itself by instant messenger
– gather passwords saved by Firefox and Internet Explorer
– gather account information of instant messengers (MSN, Yahoo, Miranda, AIM)