Wed, 12/17/2008 - 17:24 — Igor Donchenko
The pre-Christmas period is a lucrative time for criminal Internet gangs. Internet users are sending each other pictures, presentations, information on offers, and coupons. Virus writers are joining in and packing their malicious software into fake coupons.
The coupons arrive as attachments to fake emails that appear to come from McDonald's and Coca-Cola. The fake McDonald's email promises a low-cost menu that the recipient should print out, while the fake Coca-Cola email refers to a new online game. Instead of a coupon or a game, the ZIP file contains the worm Worm/McMaggot.A, which infects the system when the file is opened.
The worm installs another component, downloaded from the Internet, which Avira detects as BDS/McMaggot.A. It is a backdoor that allows the computer to be controlled remotely and that records keystrokes. The worm then scans the computer for email addresses and uses them to send itself through its own email routine (SMTP engine).
Avira's anti-virus solutions detect the malicious program with virus definition file VDF 7.01.00.184. Users of the anti-virus solution from Germany are already protected from the malicious program by heuristic detection: Avira products have detected the file attachment generically as "TR/Dropper.Gen".
Fake McDonald's letter says: "McDonald's is proud to present our latest discount menu. Simply print the coupon from this Email and head to your local McDonald's for FREE giveaways and AWESOME savings."
Fake Coca-Cola's letter says: "Coca Cola is proud to announce our new Christmas Promotion. Play our fantastic new online game for your chance to WIN a trip to the Bahamas and get all Coca Cola drinks for free in the rest of your life. See attachemnt for details."
Internet users should not only keep their operating system and installed software updated but also have an up-to-date anti-virus solution to protect against harmful programs. Always be cautious of tempting offers: things that appear too good to be true are, as a rule, not real. Be very careful with email attachments you receive without having requested them. Calling the sender can very often help to find out whether the email address is fake and whether the message hides any dangers.