Please support our Tech Talk advertiser:
Featured Entry 
Oct 20th, 2006, 7:26 am
You cannot fault the Japanese arm of Mc Donald’s for moving with the times and giving away Flash MP3 players as prizes in a competition to customers who bought large Coca-Cola drinks. But, to be honest, I would rather have had the usual tacky plastic movie tie-in toy because at least those guys do not come complete with spyware.
Yep, one can only assume that Ronald McDonald has been promoted to head of IT security for the fast food giants, after all it is the only reasonable explanation of how the QQpass spyware Trojan was allowed to be distributed, unnoticed, on the McDonald’s branded MP3 players.
Sure, the security breach was eventually spotted, but not until 10,000 of the infected prizes had already been sent out. The McDonald’s product recall, apology and telephone helpline offering advice on disinfecting a PC are all welcome but should not have been needed in the first place.
As someone who has been a Contributing Editor of computer magazines for two decades now, I seriously thought that the era of the freebie give-away virus infection was over. After all, this is positively old school when it comes to distribution methodology. I can recall some highly serious slip ups over the years, with magazine publishers who should have known better, even in the early 90’s, managing to infect their customers by issuing cover mounted CDs that were not virus-checked properly.
But everyone knows better these days, security is not a black art, it is no longer a secret shared only between those who know the special handshake. Everyone, apart from McDonald’s apparently, understands that if you are giving away an item that contains data and it intended to be plugged into a customer PC then it has to be checked and double-checked and declared clean before it reaches the distribution chain.
Those who really care about their customers, and their brand reputation, would check again at the final stage of distribution before shipping to ensure no malware had been introduced along the way.
Something that did not, obviously, happen in this case. Something made even more surprising given that the McDonald’s branding was emblazoned on the MP3 players, so these would be linked directly to the conglomerate along with any problems.
What did happen was when the MP3 player was plugged into the PC for the very first time, and the user attempts to start the player, so the Trojan was activated. And what does QQpass actually do? Oh, nothing much, just tries to shut down your AV software, steal login details for a Chinese chat application called OICQ and assorted web passwords before emailing them to a number of associated hackers.
It could be argued that the end user is as much to blame if they did not have anti-spyware and adequate firewall protection to prevent infection, but you will not find me arguing it. I am much more likely to be joining the ‘you cannot blame non-technical PC users for trusting a company such as McDonald’s to not be distributing malware’ argument to be honest.
Yep, one can only assume that Ronald McDonald has been promoted to head of IT security for the fast food giants, after all it is the only reasonable explanation of how the QQpass spyware Trojan was allowed to be distributed, unnoticed, on the McDonald’s branded MP3 players.
Sure, the security breach was eventually spotted, but not until 10,000 of the infected prizes had already been sent out. The McDonald’s product recall, apology and telephone helpline offering advice on disinfecting a PC are all welcome but should not have been needed in the first place.
As someone who has been a Contributing Editor of computer magazines for two decades now, I seriously thought that the era of the freebie give-away virus infection was over. After all, this is positively old school when it comes to distribution methodology. I can recall some highly serious slip ups over the years, with magazine publishers who should have known better, even in the early 90’s, managing to infect their customers by issuing cover mounted CDs that were not virus-checked properly.
But everyone knows better these days, security is not a black art, it is no longer a secret shared only between those who know the special handshake. Everyone, apart from McDonald’s apparently, understands that if you are giving away an item that contains data and it intended to be plugged into a customer PC then it has to be checked and double-checked and declared clean before it reaches the distribution chain.
Those who really care about their customers, and their brand reputation, would check again at the final stage of distribution before shipping to ensure no malware had been introduced along the way.
Something that did not, obviously, happen in this case. Something made even more surprising given that the McDonald’s branding was emblazoned on the MP3 players, so these would be linked directly to the conglomerate along with any problems.
What did happen was when the MP3 player was plugged into the PC for the very first time, and the user attempts to start the player, so the Trojan was activated. And what does QQpass actually do? Oh, nothing much, just tries to shut down your AV software, steal login details for a Chinese chat application called OICQ and assorted web passwords before emailing them to a number of associated hackers.
It could be argued that the end user is as much to blame if they did not have anti-spyware and adequate firewall protection to prevent infection, but you will not find me arguing it. I am much more likely to be joining the ‘you cannot blame non-technical PC users for trusting a company such as McDonald’s to not be distributing malware’ argument to be honest.
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 2,441 views, 3 comments, and 29 linkbacks. 3 voters have rated this entry an average of 5 out of 5 stars. It was promoted to featured status Oct 20th, 2006.
•
•
•
•
advertising apple botnet browser business crime data development email environment europe facebook firefox forensic gaming google hacking hardware help ibm internet iphone ipod law legal linux malware microsoft mobile mozilla mp3 music news privacy research search security social networking software spam survey technology trojan uk virus vista web windows yahoo youtube
All Recent Tags Comments (Newest First)
1337_MilkMan | Newbie Poster | Oct 24th, 2006
•
•
•
•
I'm NOT lovin' it. Lol.
happygeek | He's The Daddy | Oct 20th, 2006
Mushy-pea | Posting Whiz in Training | Oct 20th, 2006
•
•
•
•
Have you considered the possibility that it was diliberate on the part of the "Mc". I would imagine you've heard somthing about this:
http://www.alwayson-network.com/comm...12929_0_40_0_C
Good article by the way.
Steven.
http://www.alwayson-network.com/comm...12929_0_40_0_C
Good article by the way.
Steven.
Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- Guild Wars 2: In-House FAQ (15 Hours Ago)
- UK ISPs agree to throttle illegal music file-sharers (20 Hours Ago)
- Intel To Focus on Devices, Again (1 Day Ago)
- WikiGoogle or GooglePedia? Nope, it is Knol actually. (1 Day Ago)
- 5-4-3-2-1 your website in infected (2 Days Ago)
- Botnets boost click-fraud rate (2 Days Ago)
- Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (3 Days Ago)
- Limbo 2 Trojan comes complete with guarantee of invisibility (3 Days Ago)
- More Dark Spots on Apple's MobileMe Migration (4 Days Ago)
- Power-Sipping PC Runs Linux (4 Days Ago)
Related Forum Threads
- Is this software any good? (Viruses, Spyware and other Nasties)
- 1st MONTH FREE! Resellers | RVSkin | Fantastico | End-User Support | INSTANT Setup! (Web Hosting Deals)
- WireNine.com Halloween Hosting Special: Pay for 1st month, Receive 3 months FREE!! (Web Hosting Deals)
- Buy 1 Month Get 1 Free - Shared cPanel Hosting + RVSkin/Fantastico by AllureHost.com (Web Hosting Deals)
- Byondspeed Enjoy! Free Cpanel Hosting: Subject (Web Hosting Deals)
- Byondspeed.com First Time 500Mb Space & 10GB Bnadwidth Free Hosting (Web Hosting Deals)
- FIRST MONTH FREE! Shared And Reseller Web Hosting Cpanel/fantastico/rvskin +more! (Web Hosting Deals)
McDonald's would have absolutely nothing to gain from distributing the Trojan concerned, it is a simple password/login collector and as such benefits only the hacker/phishing community. Indeed, as McDonald's has found out, the only payload for it here is bad publicity and lots of well deserved egg on the face.
By the way, and sorry to ask, but if you like the blog posting could you submit it to places like Digg, Slashdot and anywhere else you can think of? We are trying to increase the external traffic we get to Daniweb blogs