IT security and control firm Sophos is warning of a new Trojan
horse that tries to scare recipients into believing that their
telephone conversations are being recorded, in a ruse to ultimately
scare people into buying bogus security software for their

The Troj/Dorf-AH Trojan horse
has been spammed out attached to an email claiming that the sender
is a private detective listening to your phone calls. The
"detective" claims that he will reveal who has paid for the
surveillance at a later date, but in the meantime the recipient
should listen to a recording of a recent phone call (which is
attached to the email as a password-protected RAR-archived MP3

A typical email reads, in part, as follows:

I am working in a private detective agency. I can't say my
name now. I want to warn you that i'm going to overhear your
telephone line. Do you want to know who is the payer? Wait for my

P.S. I'm sure, you don't believe me. But i think the record
of your yesterday's conversation will assure you that everything is

The emails claim that a private detective is
wiretapping your telephone conversations.

In reality, however, the MP3 file is not an audio file of a
telephone conversation, but a malicious executable program that
installs further malware onto the victim's computer which it
downloads from a dangerous website. Amongst these is a piece of
scareware which displays a fake Windows Security Center alert and
tries to convince the victim to purchase bogus security

Scareware installed by the Dorf Trojan tries to
fool you into buying fake security software.
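
The mismatch described above, a file presented as an MP3 that is really a Windows program, can be checked from the file's leading bytes rather than its name. The following is an added example, not Sophos code and not part of the original advisory. It assumes the extracted file is named with a .mp3 extension or a double extension such as .mp3.exe (the advisory does not give the file name), and all sample bytes are constructed.

```python
import os

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}  # Windows executable extensions

def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == b"MZ":
        # A PE file stores the offset of its "PE\0\0" signature at 0x3C.
        if len(data) >= 0x40:
            off = int.from_bytes(data[0x3C:0x40], "little")
            if data[off:off + 4] == b"PE\0\0":
                return "pe"
        return "mz"
    if data[:6] == b"Rar!\x1a\x07":          # RAR 4.x and 5.x archives
        return "rar"
    if data[:3] == b"ID3":                   # MP3 with an ID3v2 tag
        return "mp3"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"                         # bare MPEG audio frame sync
    return "unknown"

def audit(name: str, data: bytes) -> list[str]:
    """Return findings for a file that is presented as an MP3 recording."""
    base, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(base)[1]
    kind = sniff(data)
    findings = []
    if ext == ".mp3" and kind in ("pe", "mz"):
        findings.append("name claims MP3 but content is a Windows executable")
    elif ext == ".mp3" and kind != "mp3":
        findings.append("name claims MP3 but content is not MP3 audio")
    if ext in EXEC_EXTS and inner_ext == ".mp3":
        findings.append("double extension hides an executable")
    return findings

# Constructed samples: a minimal MZ/PE header stub and an ID3-tagged MP3 start.
FAKE_PE = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"
REAL_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x00\xff\xfb\x90\x00"

if __name__ == "__main__":
    # File names below are hypothetical, chosen only for the demonstration.
    for fname, blob in [("call_record.mp3", FAKE_PE),
                        ("call_record.mp3", REAL_MP3),
                        ("call_record.mp3.exe", FAKE_PE)]:
        print(fname, sniff(blob), audit(fname, blob))
```

Because the attachment is a password-protected RAR, a check like this can only run on the file after it has been extracted, for example on the endpoint.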

Sophos experts note that a hacking gang has been making
different attempts to infect people with this ruse for a couple of
weeks - however, initial attempts failed to work properly.

"It's a case of from defective to detective for this attack. The
first spam-run of this Trojan horse failed for the malware authors
because they made fundamental mistakes in their code. Now their
emails are capable of infecting the unwary, while posing as a
private investigator," said Graham Cluley, senior
technology consultant at Sophos. "If you fall for the trick and try
and listen to the alleged recordings of your phone conversations
then you will actually be unwittingly installing malware directly
onto your PC. Home users and businesses need to defend their email
with protection against the latest virus and spam attacks."

"It may seem hard to believe that anyone would fall for a trick
like this, but it wouldn't be a surprise if people tried to run the
attachment just out of curiosity as to what it contained,"
continued Cluley. "Some may even assume it is a joke recording and
not realising they are putting their computer, and indeed their
wallet, in danger."

Sophos products protect against this latest version of the Dorf
malware, ensuring that customers do not become infected. Users of
solutions from other vendors are advised to update their

Sophos recommends companies protect themselves with a consolidated
solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.