McDonalds Unwittingly Distributes Contaminated Prizes

Fast food chain McDonalds in Japan recalled the 'MP3 players' prizes when it discovered that it bore a particularly offending malware. There is a possibility that about 10,000 individuals have been affected by the problem who owned Flash MP3 players that seemed to be pre-loaded with tunes and 'QQPass spyware Trojan'.

Gamblers who purchased a drink from McDonalds in Japan and submitted the serial number attached to the product as an element of a contest, promoted by McDonalds and Coca-cola received the contaminated gift.

Individuals who set their MP3 players (named after McDonalds) to their Windows personal computers were infected by a spyware code that transmitted their passwords and other critical information to outsiders. The result was illegal access of bank accounts and theft of money.

Symantec on its website talks about a tool, "Hacktool.PWS.QQPass" that creates a Trojan. It churns trojans programmed to steal 'dial-up networking' telephone numbers and passwords. It also picks passwords of OICQ, a famous Chinese talk show. The Trojan then sends the information to specific e-mails ids. The file name Hacktool.PWS.QQPass has five random letters with an .exe extension. The tool can also create the server part of a backdoor Trojan. The length of this Trojan is about 46K and uses ASPack to compress it.

Although the reason behind the MP3 player infection is not clear, but previous experience indicates involvement of some contaminated machine, that installed content onto the players.

The fast food chain has issued software that erases the malware from infected systems. McDonalds Japan has apologized for the mishap and set up a help-line, which handles the withdrawal of the infected MP3 players and distributes uncontaminated music pieces.

The competition was on during August 2006 and the prizes were delivered in late September. Contestants had to detach a sticker from the drink, that showed a unique code to enter on the McDonald's website.

McDonald declared on its website that the virus results in infection when the prize is linked to the computer. Therefore, it recommends consumers not to use the prize for the time being.

Related article: Macedonian Hackers Posted Threatening Message on Bulgarian President’s Website

» SPAMfighter News - 10/26/2006