darin
12-09-2008, 08:07 AM
SUMMARY: W32.Ackantta@mm (Symantec) is a worm that uses socially engineered emails and removable storage media to propagate. When executed the worm drops files onto the infected system, and will copy itself along with an autorun.inf file to removable storage devices connected to the computer. The worm will also search the compromised system for email addresses and will send a copy of itself to the addresses found using the following or similar subject lines:
Subject: Mcdonalds wishes you Merry Christmas!
Subject: Coca Cola is proud to accounce our new Christmas Promotion.
Subject: You've received A Hallmark E-Card!
From: giveaway@mcdonalds.com
Subject: Mcdonalds wishes you Merry Christmas!
Message body:
McDonald's is proud to present our latest discount menu.
Simply print the coupon from this Email and head to your local McDonald's for FREE giveaways and AWESOME savings.
You don't have a flash plugin installed or javascript enabled.
Corporate McDonald's | Facts about McDonald's | Podcasts | Voice 2007-2008 McDonald's. All rights reserved.
Attachment: coupon.zip
From: noreply@coca-cola.com
Subject: Coca Cola is proud to accounce our new Christmas Promotion.
Message body:
Coca Cola is proud to accounce our new Christmas Promotion.
December, 2008
Play our fantastic new online game for your chance to WIN a trip to the Bahamas and get all Coca Cola drinks for free in the rest of your life. See the attachment for details.
The trademarks listed are owned or used under license by The Coca-Cola Company and its related affiliates, as of December 31, 2006.
These trademarks may be owned or licensed in select locations only. 2008 The Coca-Cola Company, all rights reserved.
Attachment: promotion.zip
From: postcards@hallmark.com
Subject: You've received A Hallmark E-Card!
Message body:
You have received A Hallmark E-Card.
Hello!
You have received a Hallmark E-Card from your friend.
To see it, check the attachment.
There's something special about that E-Card feeling. We invite you to make a friend's day and send one.
Hope to see you soon,
Your friends at Hallmark
Your privacy is our priority. Click the "Privacy and Security" link at the bottom of this E-mail to view our policy.
Hallmark.com | Privacy & Security | Customer Service | Store Locator
Attachment: postcard.zip
More info - this should take you to Symantic's site where you can find the worm's technical details.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-120308-3556-9&tabid=2
Subject: Mcdonalds wishes you Merry Christmas!
Subject: Coca Cola is proud to accounce our new Christmas Promotion.
Subject: You've received A Hallmark E-Card!
From: giveaway@mcdonalds.com
Subject: Mcdonalds wishes you Merry Christmas!
Message body:
McDonald's is proud to present our latest discount menu.
Simply print the coupon from this Email and head to your local McDonald's for FREE giveaways and AWESOME savings.
You don't have a flash plugin installed or javascript enabled.
Corporate McDonald's | Facts about McDonald's | Podcasts | Voice 2007-2008 McDonald's. All rights reserved.
Attachment: coupon.zip
From: noreply@coca-cola.com
Subject: Coca Cola is proud to accounce our new Christmas Promotion.
Message body:
Coca Cola is proud to accounce our new Christmas Promotion.
December, 2008
Play our fantastic new online game for your chance to WIN a trip to the Bahamas and get all Coca Cola drinks for free in the rest of your life. See the attachment for details.
The trademarks listed are owned or used under license by The Coca-Cola Company and its related affiliates, as of December 31, 2006.
These trademarks may be owned or licensed in select locations only. 2008 The Coca-Cola Company, all rights reserved.
Attachment: promotion.zip
From: postcards@hallmark.com
Subject: You've received A Hallmark E-Card!
Message body:
You have received A Hallmark E-Card.
Hello!
You have received a Hallmark E-Card from your friend.
To see it, check the attachment.
There's something special about that E-Card feeling. We invite you to make a friend's day and send one.
Hope to see you soon,
Your friends at Hallmark
Your privacy is our priority. Click the "Privacy and Security" link at the bottom of this E-mail to view our policy.
Hallmark.com | Privacy & Security | Customer Service | Store Locator
Attachment: postcard.zip
More info - this should take you to Symantic's site where you can find the worm's technical details.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-120308-3556-9&tabid=2