30 May 2006

Trojan broadcasts bogus spyware warning to networked users

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have discovered a new twist in the tactics used by malware to promote controversial anti-spyware products.

After infecting a computer, the Troj/Paymite-J Trojan horse looks for other computers on the network and sends a fake warning message to them claiming that they are infected by spyware. The broadcast message tells recipients to visit a website immediately for a fix.

The Trojan sends fake warning messages.

"Non-technical computer users may not be able to tell the difference between this message and a legitimate warning, and hurry to visit the website," said Graham Cluley, senior technology consultant at Sophos. "If they visit the site they may be lured into installing so-called protection software that is hard to remove and consistently displays bogus warnings goading users into purchasing a full version of the program."

In the past, marketeers for unscrupulous software companies have sent spam emails and instant messages, and installed pop-up adverts, containing bogus warnings of spyware and virus infections to try to encourage users to purchase software that they may not need.

"Because the warning message displays the computer's IP address, some may think it contains greater legitimacy than a regular pop-up advert. Furthermore, because the message's recipient has not run any suspicious code on their computer they may not realise it has been sent from a PC belonging to one of their colleagues on the network," continued Cluley. "Underhand and criminal tactics are being used to market goods to unsuspecting internet users. Everyone should exercise caution about whose software they run on their computer, and be careful not to believe every message or email their PC pops up in front of them."

Sophos has been protecting against the Troj/Paymite-J Trojan horse since 12:59 GMT, Friday 26 May and has automatically updated customers.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.