    People say there is no such thing as a free lunch and, as we recently found out, there's no such thing as a free supper either.

    We recently came across a spam run that uses a nonexistent promotion from the popular fast-food chain McDonald’s that tries to convince users to execute a malicious file.

    The spammed messages have been fashioned as invitations to “The Free Supper Day,” which will supposedly take place on June 29.


    The message tells users to print the file found in a .ZIP file attachment, which is supposedly the invitation that they must show at the cash desk in order to claim the free food.

    Opening the said file, of course, will only lead to the installation of TROJ_INJECTOR.VI in the users’ systems. This Trojan accesses a server to report its successful attempt to infect systems. In return, the server sends other malicious files to the infected systems.

    The malicious files downloaded onto the systems are now detected as TROJ_CTGOG.VI and TSPY_KARAGNY.VI.

    Based on our analysis, TSPY_KARAGNY.VI is the nastier of the two files, as its routines include stealing a wide range of information about the infected systems and about their users. It steals credentials for different applications such as the following:

    • FTP applications
    • Instant-messaging (IM) applications
    • Email clients
    • Poker game applications
    • Web browsers

    It also steals information related to different protocols such as HTTPMail, IMAP, NNTP, POP3, and SMTP.

    Users are strongly advised to ignore such email messages. Considering the significance and amount of information this attack aims to steal, becoming a victim for the sake of a promised free meal is simply not worth it.

    To protect users from this threat, the Trend Micro™ Smart Protection Network™ blocks the email message, detects the malicious file attachment and the files it downloads, and prevents access to the URLs the attached file connects to.
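One way a mail gateway could perform the attachment check described above, as an added example that is not Trend Micro's code: it opens ZIP attachments in memory and flags members that begin with a PE header or carry an executable extension, whatever the member is named. The function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def risky_zip_members(raw_email: bytes) -> list:
    """Return (attachment, member, reason) for ZIP members that look executable."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK\x03\x04"):   # trust content, not the filename
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            findings.append((name, "", "malformed ZIP"))
            continue
        for info in archive.infolist():
            if info.flag_bits & 0x1:             # encrypted member cannot be inspected
                findings.append((name, info.filename, "encrypted member"))
                continue
            with archive.open(info) as fh:
                head = fh.read(2)                # first two bytes of the member
            if head == b"MZ":                    # DOS/PE executable signature
                findings.append((name, info.filename, "PE header"))
            elif info.filename.lower().endswith(EXEC_EXTS):
                findings.append((name, info.filename, "executable extension"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a lure message whose ZIP holds a fake 'invitation'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invitation.doc", b"MZ" + b"\x00" * 62)  # inert stub bytes
        z.writestr("readme.txt", b"print and bring to the cash desk")
    msg = EmailMessage()
    msg["Subject"] = "Free Supper Day invitation"
    msg.set_content("Print the attached invitation.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invitation.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_zip_members(build_sample()):
        print(finding)
```
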



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice