People say there is no such thing as a free lunch, and as we’ve recently found out, there’s no such thing as free supper either.
We’ve recently come across a spam run that uses a nonexistent promotion from popular fast-food chain McDonald’s to convince users to execute a malicious file.
The spammed email messages are fashioned as invitations for recipients to “The Free Supper Day” which will supposedly take place on June 29th.
The message tells the user to print the file inside an attached ZIP file, which is supposedly the invitation they must show at the cash desk to claim the free food.
Of course, opening the file only leads to the installation of the malicious file TROJ_INJECTOR.VI on the user’s system. TROJ_INJECTOR.VI connects to a server and reports the successful system infection. In return, the server sends other malicious files to the affected system.
The malicious files downloaded into the system are now detected as TROJ_CTGOG.VI and TSPY_KARAGNY.VI.
Based on our analysis, it seems that TSPY_KARAGNY.VI is the nastier of the two files, as its routines include the theft of a wide range of information about the affected system and its user. It steals credentials for different applications, such as the following:
- FTP applications
- Instant messaging applications
- Email clients
- Poker game applications
- Web browsers
It also steals information related to different protocols, such as HTTPMail, IMAP, NNTP, POP3 and SMTP.
Users are strongly advised to ignore such emails if they receive them. Considering the significance and amount of information this attack aims to steal, getting victimized for a promised free meal is simply not worth it.
To protect users from this threat, the Trend Micro™ Smart Protection Network™ blocks the email message, detects the attached malicious file, and prevents access to the URLs to which it connects.
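As an added example (not from the original post or from Trend Micro), here is a mail-gateway style check for the delivery step described above: it opens each ZIP attachment and reports members that have an executable extension. The extension list, file names and sample message are assumptions constructed for illustration, since the post does not name the attached file.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions Windows runs on double-click (not taken from the post).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

def risky_members(zip_bytes):
    """Return archive member names whose final extension is executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if os.path.splitext(n)[1].lower() in RISKY_EXT]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # a malformed ZIP is itself worth flagging

def triage(raw_message):
    """Map each ZIP attachment's file name to the risky members found inside it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the ZIP local-file-header magic, not the declared name or MIME type.
        if data[:4] == b"PK\x03\x04":
            hits = risky_members(data)
            if hits:
                findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample(member_name):
    """Constructed test message: a harmless ZIP holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "Invitation (constructed sample)"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Print the attached invitation.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invitation.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Invitation_Card.pdf.exe")))  # double extension is flagged
    print(triage(build_sample("menu.pdf")))                 # plain document is not
```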