McDonald's-Themed Attack No Happy Meal

By Matthew Hines  |  Posted 2008-12-16 Print this article Print

As the economy slumps and the holiday season arrives malware schemers are weaving together various timely social trends to target new attacks at end users.

In one such new iteration of the activity, researchers at PandaLabs have isolated a P2P worm virus making the rounds in a campaign that marries the time-honored holiday celebration angle with discount-driven dining options. Disguised as a special holiday coupon deal offering freebies at McDonald's, the attack instead infects affected machines with the P2PShared.U worm.

See now, if you're like me and you hate both shameless holiday-themed consumerist drivel and McD's, you're probably immune from this one (Bah-hamburg...). But, with people looking to squeeze the most out of every dollar during this giving season being carried out amid financial crisis, you have to think that there are a lot of people who might swallow the bait. (forgive me, please).

Once a user opens the involved attachment, the virus file installs itself on their computer and then copies itself to folders of various P2P file-sharing programs like eMule, LimeWire and Morpheus, with names relating to security software, image editing programs and program cracks, PandaLabs said.

Thereafter, any affected user that tries to download any of the involved P2P applications also infects their PC with yet another copy of the worm. Once on the computer, the worm sends out e-mails with the same subject themes and appearance to other users.

PandaLabs contends that the attackers likely saw McDonald's recent financial good news and were inspired to piggyback on it as the economy has apparently driven more people to stuff themselves with MSG-laden burger treats. (Personally I go for Wendy's)

To fool users into believing that the e-mail-borne attack is coming from an authentic source, the attackers have spoofed the"" domain and even gone to the trouble of including a drop-down menu for users to choose the country that they are located in. PandaLabs contends that both engineering twists are intended to convince end users that the threats do in fact come from McDonald's, a truly multi-national company.

However, I'm also left wondering if, as in other recent attacks, the people behind the campaign are also trying to protect themselves from having people in their own regions take the bait and therein increase the likelihood that they may be caught by local authorities. Attackers out of Russia and China appear to be using this angle quite a bit lately, and it would appear to be a pretty smart maneuver as it keeps them more distant from potential pursuants.

In addition to the McDonald's ploy, P2PShared.U worm is also making the rounds disguised as a holiday Hallmark e-Card, using the same process of infected attachment, the company said.

So, the moral is, avoid any unsolicited offers of holiday cheer or fast food and save yourself a lot of heartburn.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel