The Latest in IT Security

No Such Thing As Free Lunch, And Free Supper Will Cost You

22
Jun
2011

People say there is no such thing as a free lunch, and as we’ve recently found out, there’s no such thing as free supper either.

We’ve recently come across a spam run that uses a nonexistent promotion from popular fastfood chain McDonald’s to convince users to execute a malicious file.

The spammed email messages are fashioned as invitations for recipients to “The Free Supper Day” which will supposedly take place on June 29th.

 

 

Click for larger view Click for larger view

 

 

The message tells the user to print the file inside an attached ZIP file, which is the invitation that they must show the cash desk in order to avail of the free food.

But of course, opening the said file will only lead to the installation of the malicious file TROJ_INJECTOR.VI into the user’s system. TROJ_INJECTOR.VI connects to a server and reports the successful system infection. In return, the server sends other malicious files into the affected system.

The malicious files downloaded into the system are now detected as TROJ_CTGOG.VI and TSPY_KARAGNY.VI.

Based on our analysis, it seems that TSPY_KARAGNY.VI is the nastier of the two files, as its routines include the theft of a wide range of information about the affected system and its user. It steals credentials for different applications, such as the following:

  • FTP applications
  • Instant messaging applications
  • Email clients
  • Poker game applications
  • Web browsers

It also steals information related to different protocols, such as HTTPMail, IMAP, NNTP, POP3 and SMTP.

Users are strongly advised to ignore such emails if they receive them. Considering the significance and amount of information this attack aims to steal, to get victimized for a promised free meal is simply not worth it.

To protect users from this threat, the Trend MicroT Smart Protection NetworkT blocks the email message, detects the attached malicious file, and prevents access to the URLs to which it connects to.

Leave a reply


Categories

FRIDAY, JULY 23, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments