The SonicWALL UTM Research team received reports of a new spam campaign in the wild that pretends to come from McDonalds Restaurants. The campaign uses a subject line about "McDonalds Free Dinner".
The sample e-mail format of the spam campaign includes the following:
Subject:
Attachment: Invitation_Card{Random Numbers}.zip (22.9KB)
The executable file masquerades as a Microsoft Word document by using an icon seen below:
If the user downloads and executes the malicious executable inside the zip attachment, it performs the following activity:
Downloads other malware:
Dropped files:
Added Registry:
Network Activity:
This malware steals system information and sends it to a remote server every 96 seconds.
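The fixed 96-second check-in interval is something a defender can look for in proxy or firewall logs. The following is an added example, not part of the original advisory or of SonicWALL's signatures; the log format, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BEACON_PERIOD = 96.0   # seconds, the interval stated in the advisory
TOLERANCE = 5.0        # assumed allowance for network and scheduling jitter
MIN_INTERVALS = 4      # assumed minimum number of gaps before flagging

def parse(line):
    """Parse 'ISO-timestamp client-ip dest-host' (constructed log format)."""
    ts, client, dest = line.split()
    return datetime.fromisoformat(ts), client, dest

def find_beacons(lines, period=BEACON_PERIOD, tolerance=TOLERANCE):
    """Return {(client, dest): mean_gap} for pairs contacted at a steady ~period."""
    seen = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, client, dest = parse(line)
            seen[(client, dest)].append(ts)
    hits = {}
    for pair, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < MIN_INTERVALS:
            continue
        # A beacon has a mean gap near the period and little spread between gaps.
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits[pair] = round(mean(gaps), 1)
    return hits

def sample_log():
    """Constructed sample: one host beaconing every ~96 s, one browsing irregularly."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i, jitter in enumerate([0, 1, -1, 2, 0, -2]):
        t = start + timedelta(seconds=96 * i + jitter)
        lines.append(f"{t.isoformat()} 10.0.0.23 c2.example.invalid")
    for off in [0, 7, 45, 300, 310, 900]:
        t = start + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.40 news.example.invalid")
    return lines

if __name__ == "__main__":
    for (client, dest), gap in find_beacons(sample_log()).items():
        print(f"{client} -> {dest}: mean interval {gap}s")
```

Requiring both a mean gap near 96 seconds and a low spread keeps ordinary browsing, whose average gap may land near the period by chance, from being flagged.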
Once the remote server receives the system information, it will acknowledge it and reply with commands as follows:
FakeAV
After the user clicks the "Scan Online" button, it shows this message and prompts the user to reboot the system:
After rebooting the system, the following FakeAV screens will appear. It will then ask the user to pay for the software to completely clean the system.
SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures: