3 December 2008 No Comment

Seems like McDonald’s and Coca Cola are cyber criminals’ promoters of choice this season - two spoofed emails that claim to be from both of the highly popular brands were recently found by the Trend Micro Content Security Team.

Each messages trumpets a a Christmas promotion, and instructs the recipient to open the attached coupon contained in a .ZIP file.

Below are some sample screenshots:

Figure 1. Spammed message purported to come from Coca Cola

Figure 2. Attached file which supposedly contains information in the promo

Figure 3. Another spammed message, this time purported to be from McDonald’s

Figure 4. Attached file which poses as a coupon

Trend Micro already blocks such messages, and detects both attached files through the Smart Protection Network as WORM_MYDOOM.CG. This worm gathers email addresses from the affected system’s Windows Address Book and then sends copies of itself via email, using its own SMTP engine. It also drops copies of itself in folders shared in peer-to-peer networks, as well as in all physical removable drives. Furthermore, it drops a file detected as BKDR_SDBOT.QB.

This new twist in the way victims are lured into this scheme, which was initially seen just last week, strongly suggests that cber criminals are really getting their creative juices flowing, especially now that the holiday season is in full swing. On that note, users are advised to keep an eye out for these malicious schemes, and to not open unsolicited mails, as tempting as their offerings may be.