Jun 21, 2011 18:00 GMT

Security researchers warn about new spam emails that purport to offer a free meal at McDonald's but in reality contain malware.

The rogue emails bear different subjects such as "Your favourite dishes are given for free" or "We invite everyone to the day of free food" and purport to come from @mcdonalds.com email addresses.

The message is almost the same in all emails, but the free menu and the type of meal differ.

For example, in a sample intercepted by Sophos, the spammers write "McDonalds invites you to The Free Breakfast day which will take place on 27 June, 2011, in every cafe of ours."

However, BitDefender found a different variant where the spammers claim it's The Free Dinner Day. The menus listed in the two emails also differ, but both of them have the same final instruction:

"Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants. Every manager will gladly take your card and issue you a tasty dish of Free Day."

The file attachments are called Invitation_card_[number].zip and contain an executable file that installs a trojan dropper, which in turn downloads and installs other pieces of malware, including a backdoor, from third-party websites.

"In an attempt to fool computer users into believing the file is safe, the EXE file has a Word icon. Don't forget - you should always be suspicious of unsolicited attachments sent to you via email," warns Graham Cluley, a senior technology consultant at Sophos.
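One way a mail filter could check for the attachment described above, as an added example that is not code from Sophos, BitDefender or this article: it opens each ZIP attachment and flags members whose content starts with the Windows executable magic bytes, whatever their file name or icon suggests. The function names, the sample sender and the sample file contents are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Attachment naming reported in the article: Invitation_card_[number].zip
CAMPAIGN_NAME = re.compile(r"^Invitation_card_\d+\.zip$", re.IGNORECASE)


def inspect_message(raw: bytes) -> list:
    """Return a finding for each ZIP attachment member that looks like a Windows executable."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            findings.append({"attachment": name, "member": None, "reason": "unreadable zip"})
            continue
        with archive:
            for info in archive.infolist():
                if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                    findings.append({"attachment": name, "member": info.filename, "reason": "encrypted"})
                    continue
                with archive.open(info) as member:
                    magic = member.read(2)
                # Decide on content, not on extension or icon: PE files start with "MZ".
                if magic == b"MZ":
                    findings.append({"attachment": name, "member": info.filename,
                                     "reason": "executable in zip",
                                     "campaign_name": bool(CAMPAIGN_NAME.match(name))})
    return findings


def build_sample(zip_name: str, member_name: str, content: bytes) -> bytes:
    """Constructed test message; the sender and file contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Calling `inspect_message(build_sample("Invitation_card_12345.zip", "card.doc", b"MZ\x90\x00"))` reports the member even though it carries a document extension.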

"Other senders for this campaign are [email protected], [email protected], [email protected], [email protected] or [email protected]. For instance, I got the mail from the [email protected], but you can get it from any of the above," notes BitDefender's Loredana Botezatu.
