• On The Insider: Bruno Film Edited Due to Jackson's Death
December 3, 2008 2:07 PM PST

Worm uses familiar brands to lure people

by Robert Vamosi

Ho-ho-ho. This isn't an offer for a real coupon book from McDonald's. It's a new mass-mailing e-mail worm.

(Credit: Websense)

On Tuesday security vendor WebSense issued an alert warning that holiday coupon e-mails from familiar companies may be malicious code in disguise, in this case a mass-mailing e-mail worm.

The warning cites one spoofed McDonald's e-mail that claims to present their latest discount menu, and asks the recipient to print out the attached coupon. A similar mailing pretending to be from Coca-Cola asks recipients to print out details about their new online game, and also offers recipients a chance to win Coca-Cola drinks for life. Websense says the attached zip file contains files named either coupon.exe or promotion.exe, both of which contain dropper files for remote access Trojan horses.

Previously, Websense issued an alert for a holiday-themed animated postcard.

This cute holiday card could install a worm on your PC, says McAfee.

(Credit: McAfee)

On Wednesday, McAfee identified a third holiday-themed e-mail using the Hallmark brand. McAfee has named the malware used as W32/Xirtem@MM and says this particular worm carries a built-in SMTP engine that mass-mails copies of itself to e-mail addresses harvested from an infected machine.

In all cases the e-mail appears to be legitimate, using images taken from the McDonald's, Coca-Cola, and Hallmark sites.

To avoid compromise, antivirus experts recommend not opening e-mail attachments as well as keeping your desktop's antivirus protection up-to-date.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

News,

Vulnerabilities & attacks

Tags:

security,

worm,

trojan horse,

McDonalds,

McAfee,

Hallmark,

Coke,

Coke-Cola,

malware,

social engineering,

holiday-themed,

mass-mailing

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Microsoft warns of hole in Video ActiveX control
Report: Problems stymie U.S. cyberspy protection
Symantec's Ramzan on solving the antivirus puzzle
Apple fixing iPhone SMS security hole
Waledac worm targeting July 4 spam offensive
ATM vendor gets security talk pulled from conferences
Postini: Google's take on e-mail security
Botnets lead the way for spam
Related
Add a Comment (Log in or register) (14 Comments)
  • prev
  • 1
  • next
by  Brian December 3, 2008 3:30 PM PST
Good thing those Windows .exe files don't work on a Mac!

Life is good. :)
Reply to this comment
by _sandman_ December 6, 2008 2:36 PM PST
They also dont work on Linux :)

If you run a virus in WINE, nothing really happens...
by Perry_Clease December 3, 2008 3:39 PM PST
Today I received an email that supposedly came from the US Post Office. It said:

"Unfortunaly we couldn?t carry you the postal parcel sent on 28, October at the right time
as there is an incorrect recipient?s address.

To take your package back you should print the copy of invoice that is in the added file

Your UPS"


Of course I was suspicious from the get go and deleted the message, but with this being the season for mailing packages there may be people who will fall for it. Let see, UPS is either my backup battery or United Parcel Service and not the abbreviation for the USPS
Reply to this comment
by 42istheanswer December 3, 2008 3:45 PM PST
why? Why does this stuff continue to work? Every windows users should pack up their PC and ship it back to the vendor.
Reply to this comment
by superswiss December 3, 2008 4:23 PM PST
Because the user is effectively the weakest part on a computer. Look what happened to malware. Windows has become harder and harder to penetrate and fixes for newly discovered vulnerabilities are quickly released. Malware has moved away from OS malware to social malware. There's no patch to fix the stupidity of the user. Be careful what you wish for. If Windows users start ditching their PCs and go buy a Mac, these emails will start having OS X executables attached. The average Mac user is not any smarter than the average Windows user.
by theused22 December 3, 2008 6:01 PM PST
Just dont be stupid.. everyone I know hasn't ever gotten a virus becasue of being smart and not looking at bad porn sites, maybe you should try this when using windows too.
by chedrz December 3, 2008 6:05 PM PST
I got a great one yesterday from PayPaI. You can't tell, but that "l" is an "i". They told me someone had tried to get into my account and that it had been frozen until I logged back in properly and provided more credentials. The link to the website led to an Italian domain. Last time I checked, PAYPAL was based in America...hmm...
Reply to this comment
by Perry_Clease December 3, 2008 8:17 PM PST
"I got a great one yesterday from PayPaI. You can't tell, but that "l" is an "i"... The link to the website led to an Italian domain."

That would be for pay pai as in paisan :)
by bruceslog December 6, 2008 6:41 AM PST
Yeah, I got that one too... didn't open it.. sent the headers and message source to the Real Paypal spoof department.
by sbaxter December 3, 2008 10:21 PM PST
Thanks for the headsup!
Reply to this comment
by therad456 December 4, 2008 4:24 AM PST
Thanks a lot for the warning.
Reply to this comment
by starbuddy1995 December 5, 2008 1:09 PM PST
this is interesting and thanks Cnet and those who helped to deliver this heads up
Reply to this comment
by jtoylady December 6, 2008 11:46 AM PST
I have gotten more than one of these,I sent them all to the real paypal.
you can usually tell when it is a fraudulent site ,just look carefully at the spelling ,the way it is worded and the content.there is always something that will give it away!
Reply to this comment
by chonkers December 6, 2008 3:41 PM PST
eBay is another biggie to watch for....I received one claiming that i have an outstanding product i have not paid for and eBay will be closing me down...just check into your paypal account and all will be cool......

yup, ok....i never even ordered a diamond necklace.....that was the giveaway and i have not bought anything through eBay....although i do use paypal on occassion

i gotta tell ya tho....it nearly had me....i really thought for a while i had bought this....be careful out there dudes
Reply to this comment
(14 Comments)
  • prev
  • 1
  • next
advertisement

Look before leaping to short URLs

Fueled by Twitter's rise, services that scrunch Web addresses are taking off. They bring a host of problems, but some are working to fix them.

In Utah desert, it's bombs away

road trip At the massive Utah Test & Training Range, the Air Force runs 15,000 sorties a year to ensure that pilots and weapons are on the mark.
• Photos: Training and testing

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET