An email offering a McDonald’s discount menu, new bait to infect users

PandaLabs, Panda Security’s laboratory for detecting and analyzing malware, has detected an email message claiming to be a special Christmas offer from McDonald’s, but which really spreads the P2PShared.U worm.

The email subject is “Mcdonalds wishes you Merry Christmas!”, while the message text reads as follows:

“McDonald’s is proud to present our latest discount menu. Simply print the coupon from this Email and head to your local McDonald’s for FREE giveaways and AWESOME savings.”

To make the message look more authentic, the sender’s address shows the “mcdonalds.com” domain. The message also contains a drop-down menu for the targeted user to choose their country, a cunning detail given the fact the emails claim to come from a multinational company such as McDonald’s.

This malicious code also uses a different set of emails to spread. In this case, the message subject is “You have recieved (sic) a Hallmark E-Card from your friend”.

The message text prompts users to download and run the attached message in order to open the card.

In both cases, if the user follows the instructions in the email, downloads the attachment and tries to open it, they will actually be downloading a copy of P2PShared.U and will install it on their computer.

“These emails use social engineering in different ways. Both emails attract users’ attention with Christmas-related subjects. However, the first email also exploits the financial crisis by inviting users to download a coupon for gifts and savings; a very effective lure”, explains Luis Corrons, technical director of PandaLabs.

Once on the computer, the worm sends out emails with the same subject and appearance to other users.

Finally, it copies itself to folders of various P2P file-sharing programs (eMule, LimeWire, Morpheus, etc.) with names relating to security software, image editing programs, program cracks, etc. This way, any user that tries to download any of these applications will be actually letting a copy of the worm into their computer.

To avoid these infections Panda advises users not to open messages from unknown senders, and in particular, not to open any attachments they might contain or click any links in them.

Source: PandaSecurity

Most often, email file compression isn't worth the effort. Decide when to take that step and when to avoid it.

Are you constantly menu-diving to get your document's word count? Save time with this quick and easy toolbar button.

Watch downloaded video on your iPod or iPhone with a little help from Videora Converter.

Dreamweever66 needs to reinstall Windows. He asked the Answer Line forum where he can find that 20-digit number that tells Microsoft he bought Windows.

Fed up with Firefox always downloading your files to the desktop? Here's how to have your say in the matter.