December 3, 2008 2:07 PM PST

Worm uses familiar brands to lure people

by Robert Vamosi

Ho-ho-ho. This isn't an offer for a real coupon book from McDonald's. It's a new mass-mailing e-mail worm.

(Credit: Websense)

On Tuesday, security vendor Websense issued an alert warning that holiday coupon e-mails from familiar companies may be malicious code in disguise, in this case a mass-mailing e-mail worm.

The warning cites one spoofed McDonald's e-mail that claims to present their latest discount menu, and asks the recipient to print out the attached coupon. A similar mailing pretending to be from Coca-Cola asks recipients to print out details about their new online game, and also offers recipients a chance to win Coca-Cola drinks for life. Websense says the attached zip file contains files named either coupon.exe or promotion.exe, both of which contain dropper files for remote access Trojan horses.

Previously, Websense issued an alert for a holiday-themed animated postcard.

This cute holiday card could install a worm on your PC, says McAfee.

(Credit: McAfee)

On Wednesday, McAfee identified a third holiday-themed e-mail using the Hallmark brand. McAfee has named the malware used as W32/Xirtem@MM and says this particular worm carries a built-in SMTP engine that mass-mails copies of itself to e-mail addresses harvested from an infected machine.

In all cases the e-mail appears to be legitimate, using images taken from the McDonald's, Coca-Cola, and Hallmark sites.

To avoid compromise, antivirus experts recommend not opening e-mail attachments as well as keeping your desktop's antivirus protection up-to-date.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
by Brian December 3, 2008 3:30 PM PST
Good thing those Windows .exe files don't work on a Mac!

Life is good. :)
by _sandman_ December 6, 2008 2:36 PM PST
They also don't work on Linux :)

If you run a virus in WINE, nothing really happens...
by Perry_Clease December 3, 2008 3:39 PM PST
Today I received an email that supposedly came from the US Post Office. It said:

"Unfortunaly we couldn't carry you the postal parcel sent on 28, October at the right time
as there is an incorrect recipient's address.

To take your package back you should print the copy of invoice that is in the added file

Your UPS"


Of course I was suspicious from the get-go and deleted the message, but with this being the season for mailing packages there may be people who will fall for it. Let's see, UPS is either my backup battery or United Parcel Service and not the abbreviation for the USPS.
by 42istheanswer December 3, 2008 3:45 PM PST
Why? Why does this stuff continue to work? Every Windows user should pack up their PC and ship it back to the vendor.
by superswiss December 3, 2008 4:23 PM PST
Because the user is effectively the weakest part on a computer. Look what happened to malware. Windows has become harder and harder to penetrate and fixes for newly discovered vulnerabilities are quickly released. Malware has moved away from OS malware to social malware. There's no patch to fix the stupidity of the user. Be careful what you wish for. If Windows users start ditching their PCs and go buy a Mac, these emails will start having OS X executables attached. The average Mac user is not any smarter than the average Windows user.
by theused22 December 3, 2008 6:01 PM PST
Just don't be stupid... everyone I know hasn't ever gotten a virus because of being smart and not looking at bad porn sites, maybe you should try this when using Windows too.
by chedrz December 3, 2008 6:05 PM PST
I got a great one yesterday from PayPaI. You can't tell, but that "l" is an "i". They told me someone had tried to get into my account and that it had been frozen until I logged back in properly and provided more credentials. The link to the website led to an Italian domain. Last time I checked, PAYPAL was based in America...hmm...
by Perry_Clease December 3, 2008 8:17 PM PST
"I got a great one yesterday from PayPaI. You can't tell, but that "l" is an "i"... The link to the website led to an Italian domain."

That would be for pay pai as in paisan :)
by bruceslog December 6, 2008 6:41 AM PST
Yeah, I got that one too... didn't open it.. sent the headers and message source to the Real Paypal spoof department.
by sbaxter December 3, 2008 10:21 PM PST
Thanks for the heads-up!
by therad456 December 4, 2008 4:24 AM PST
Thanks a lot for the warning.
by starbuddy1995 December 5, 2008 1:09 PM PST
This is interesting, and thanks CNET and those who helped to deliver this heads-up.
by jtoylady December 6, 2008 11:46 AM PST
I have gotten more than one of these. I sent them all to the real PayPal.
You can usually tell when it is a fraudulent site, just look carefully at the spelling, the way it is worded and the content. There is always something that will give it away!
by chonkers December 6, 2008 3:41 PM PST
eBay is another biggie to watch for....I received one claiming that I have an outstanding product I have not paid for and eBay will be closing me down...just check into your PayPal account and all will be cool......

yup, ok....I never even ordered a diamond necklace.....that was the giveaway and I have not bought anything through eBay....although I do use PayPal on occasion

I gotta tell ya tho....it nearly had me....I really thought for a while I had bought this....be careful out there dudes