Websence Security Labs posted an alert in regards to malicious McDonalds and Coca-cola holiday email promotions and coupons.
From the report on Websence's Security Labs website, it seems victims are receiving messages that include a holiday promotion from Coca-Cola and a coupon from McDonalds. The messages include a malicious zip file that contains the executable files promotion.exe and coupon.exe, both found to be malicious.
Websence Security Labs discovered that both coupon.exe and promotion.exe files are trojan droppers that have low anti-virus detection for the time being.
The Coca-Cola spoofed spam message appears to come from the coca-cola company and includes a zip file attachment named promotion.zip. The email message may look legitimate as it states the attachment has details about a new online game and a chance to win Coca-Cola drinks for life. That may sound like a great deal too many computer users as some may choose to download and open the zip file attachment. Unfortunately, if the attachment is opened and the executable file is access it can then infect your system with a Trojan dropper that could have the ability to download or install malware.
[image source: securitylabs.websense.com]
The McDonalds spam message is not much different from the Coca-Cola email. The McDonalds spam email claims to present the latest discount menu including an attached coupon that should be printed. Of course during the economic downturn that many of us are facing we all want to save a little money and what better way to do this than with a coupon offer during the holiday season?
[image source: securitylabs.websense.com]
Many computer users may fall victim to these current malspam messages just like the older cnn.com spoofed messages that we talked about a few months ago. During the holiday season it is easier for hackers to run these fake promotions in hopes that they will be able to attack a large number of people looking for "deals" online. It is always a good suggestion to become knowledgeable about the latest threats and spam campaigns that plague the internet world today.
Have you ever received a Coca-Cola or McDonalds promotional spam message? Have you ever received a similar email spam message? Did you download or execute the attached file?