Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out claiming to be a
notification that an Apple iPod MP3 player has been shipped to
them, and their account has been charged almost $500.
Sophos has received reports of the Troj/Dowdec-A Trojan
horse, which arrives in a message claiming to be related to the
purchase of an Apple iPod. The emails claim that the popular music
player is being shipped via FedEx and that a payment of $479.95 has
been received from the recipient's e-gold account.
The malicious emails have the subject line
The message body reads as follows:
Dear <email address>,
Please read the following message carefully.
We notify that your order was approved and shipped to you
via FedEx 2Day Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold
The details of transaction and specification of chosen product
we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there's no mistakes in
characteristics of chosen product.
We appreciate your choice!
According to the rules, refund must be based on your original
method of payment. Any requests to refund using e-gold are not
accepted, if the payment method was credit card.
IPod For Your, Yahoo Shopping.
Attached to the emails is a file called OrderInf.zip, which
unpacks to OrderInfo.exe. Executing this file infects the user's
computer with a Trojan horse that attempts to download further
malicious code from the internet. The Trojan horse only works on
Windows computers, and cannot infect Apple Macs.
"With luck the spelling mistakes in the email will warn many
users that there is something not quite right about this email.
Additionally, anyone who doesn't use e-gold should be able to smell
a rat when it is claimed that almost $500 has been taken from their
account," said Graham
Cluley, senior technology consultant for Sophos. "But everyone
should practise safe computing, and be wary of any unsolicited
email attachment that arrives in their inbox. Hackers are aiming to
infiltrate the Windows computers of home users in their pursuit of
more people to spy on and steal from.."
Sophos's anti-virus products were automatically updated to
protect against the Troj/Dowdec-A Trojan horse at 09:43 GMT on 29
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as apply an email policy
that filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.