Clagger-H Trojan spammed out as message from PayPal

February 27, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of emails claiming that their PayPal account has been "temporally limited", after a Trojan horse was spammed to internet users. Sophos's global network of monitoring stations has sighted many instances of the Trojan since it was first discovered on Friday 24 February.

The Troj/Clagger-H Trojan horse has been distributed as an attachment in emails with the following characteristics:

Subject: Notification: Your Account Temporally Limited

Message body:

Dear PayPal customer!

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We recently received a report of credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.You can check your transaction details in attachment.

Case ID Number: RR-0922-014

If, after reviewing your transaction information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely, PayPal Account Review Department

PayPal Email ID RR-0922

"This Trojan horse has been aggressively seeded by its creator, using spam technology, to distribute malicious code to as many vulnerable computers as possible, in the shortest amount of time," said Graham Cluley, senior technology consultant at Sophos. "However, a simple spelling mistake in the subject line should alert innocent recipients that this isn't a genuine message from PayPal. A real message from PayPal would never contain an attached executable file, and people should always think carefully before running unsolicited code on their computer."

Sophos customers have been automatically protected against the Trojan horse since 14:43 GMT, 24 February 2006.

"Many people coming into work on Monday morning may have found this email in their inbox," continued Cluley. "Anyone unfortunate enough to run this program is running the risk of allowing hackers to gain access to their computer to spy, steal and cause havoc."

Sophos recommends that companies protect their email with a consolidated solution to thwart virus, spyware and spam threats, and secure their desktops and servers with automatically updated anti-virus protection.