People say there is no such thing as a free lunch and as we recently found out that there’s no such thing as free supper either.
We recently came across a spam run that uses a nonexistent promotion from the popular fast-food chain McDonald’s that tries to convince users to execute a malicious file.
The spammed messages have been fashioned as invitations to “The Free Supper Day,” which will supposedly take place on June 29.
The message tells the users to print the file found in a .ZIP file attachment, which is supposed to be the invitation that they must show the cash desk in order to avail of free food.
Opening the said file, of course, will only lead to the installation of TROJ_INJECTOR.VI in the users’ systems. This Trojan accesses a server to report its successful attempt to infect systems. In return, the server sends other malicious files to the infected systems.
Based on our analysis, TSPY_KARAGNY.VI is the nastier of the two files, as its routines include stealing a wide range of information about the infected systems and about their users. It steals credentials for different applications such as the following:
- FTP applications
- Instant-messaging (IM) applications
- Email clients
- Poker game applications
- Web browsers
It also steals information related to different protocols such as HTTPMail, IMAP, NNTP, POP3, and SMTP.
Users are strongly advised to ignore such email messages. Considering the significance and amount of information this attack aims to steal, to become a victim for a promised free meal is simply not worth it.
To protect users from this threat, the Trend Micro™ Smart Protection Network™ blocks the email message, detects the malicious file attachment and the files it downloads, and prevents access to the URLs the attached file connects to.