How a free breakfast day at McDonalds can lead to malware danger

Filed Under: Malware, Spam

McDonaldsI don't know if you're the sort of person who wakes up in the morning, and the first thing you long for is a McDonalds' breakfast - but if you are, you might just be exactly what malware authors are looking for.

Researchers at SophosLabs have seen a malicious email that has been spammed out across the world in the last couple of days pretending to come from McDonalds.

The email claims that the fast-food giant is offering free breakfasts in each and every of their many thousands of restaurants around the globe. Chances are that there are many people who would love the prospect of munching on a McDonalds first thing in the morning.

McDonalds malware email

Part of the email reads as follows:

McDonalds invites you to The Free Breakfast Day which will take place on 26 June, 2011, in every cafe of ours.

Free Day’s menu!
- Ranch Snack Wrap (Crispy)
- Chicken Selects Premium Breast Strips
- Premium Caesar Salad with Grilled Chicken
- Strawberry Triple Thick Shake
- McCafe Hot Chocolate

Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants.

But beware! There is no such thing as a free lunch.. breakfast.

The attached file is, of course, malicious. Sophos detects the ZIP file as Troj/BredoZp-DV and the Invitation_Card.exe file contained within as the Troj/Bredo-HU Trojan horse.

In an attempt to fool computer users into believing the file is safe, the EXE file has a Word icon.

Don't forget - you should always be suspicious of unsolicited attachments sent to you via email!

, ,

You might like

13 Responses to How a free breakfast day at McDonalds can lead to malware danger

  1. Clash · 1536 days ago

    Yeah I probably wouldn't open the attachment but I might have been prone to showing up at a McDonald's on the morning of the 26th.

  2. Chris · 1536 days ago

    I'll be sure to ask the helpful employee at the cash desk of my local McDonalds cafe whether I can have a free hamburger for breakfast.

    Scammers need to find people that have at least SOME grasp of the terms and idioms in the target culture. This would probably be even more successful if the wording didn't scream "SCAM SCAM SCAM." Of course, I guess we WANT our scammers stupid...

  3. Paul · 1536 days ago

    I loved the sign off. "Thank you for your credence. We really appreciate it"!!
    Sort of gives the game away.

    • Brutus · 1499 days ago

      Paul It only gives the game away to fairly intelligent people. That would tend to rule out the great majority of the people who go to McDonalds.

  4. Paul Black · 1536 days ago

    Having just received the said email in my in-box this morning I appreciate that you've flagged it up. The 'thank you for your credence' is definitely a nice touch, with its coded way of saying intelligent people with a good knowledge of English you'll probably spot this. Thanks for posting the warning.

  5. judith · 1536 days ago

    Thanks for the warning, it just arrived in my inbox and i google dit before opening

  6. Guest · 1535 days ago

    Just got it here in Sweden! Great with Google to get confirmation of the fake.
    Blame to the crook!!

  7. sunshinelove · 1535 days ago

    Traced the originates in sweden

  8. Louis · 1534 days ago

    I regrettably opened the file, is there a solution out there,,??

    • Good, up-to-date anti-virus software should be able to detect it. Contact the support department of your anti-virus vendor if you have any trouble removing the infection.

  9. Sivoch · 1531 days ago

    I didn't know it was a hoax and opened it up thankfully my computer protection picked it up and didn't allow it to open! I will always look up suspicious emails from now on from this website.

  10. Brutus · 1499 days ago

    Sivoch You should change the next to last word in your comment from "this" to "any."

  11. So many people out scamming these days. Mind you, McDonalds in the UK make a habit of charging their customers unreasonable fees for using their car parks. If that is not a scam, what is?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley