One of the worms already making the rounds on the web is W32/Xirtem@MM, a mass-mailing worm that also spreads through removable media using autorun.inf and by copying itself to the shared folders of peer-to-peer applications.

Upon execution, the worm displays the above picture to trick users into believing that it is a harmless image file.

The recent attempts to fool users into installing the malware make use of bogus McDonald's and Coca-Cola Christmas promotions. To make the email look genuine, it includes images borrowed from the official sites of the aforementioned companies. If the user is naïve enough, he will open the .zip attachment and get a nasty holiday surprise.

According to McAfee, the worm has a built-in SMTP engine that mass-mails copies of itself to email addresses harvested from an infected machine.

If infected, the user can expect the following:

– restart/shut down the computer
– start/stop services
– start/stop a keylogger
– download/upload files
– create/terminate/list processes
– perform port scanning
– modify the hosts file
– spread itself via instant messenger
– gather passwords saved by Firefox and Internet Explorer
– gather account information for instant messengers (MSN, Yahoo, Miranda, AIM)
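
For the removable-media vector mentioned at the top, a defender can triage an autorun.inf found on a USB stick by listing the entries that would make Windows launch a program. The script below is an added example, not code from McAfee or from the worm itself; the sample file contents and the name photo.exe are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program:
# open=, shellexecute= and shell\<verb>\command=. Keys such as icon=,
# label= and action= only change how the drive is presented.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample for illustration; not taken from a real infection.
SAMPLE = """\
; constructed example
[AutoRun]
open=photo.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
shell\\explore\\command = photo.exe /e
[Content]
MusicFiles=false
"""

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key):
            hits.append((key.lower(), value))
    return hits

def is_suspicious(text):
    """An autorun.inf on removable media that launches anything deserves a look."""
    return bool(launch_entries(text))

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key} -> {cmd}")
```
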