Sophos


29 August 2006

Phoney Apple iPod shipping notification email leads to Trojan horse

Bogus email lures users into opening malicious attachment

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out in emails claiming to notify recipients that an Apple iPod MP3 player has been shipped to them and that their account has been charged almost $500.

Sophos has received reports of the Troj/Dowdec-A Trojan horse, which arrives in a message claiming to be related to the purchase of an Apple iPod. The emails claim that the popular music player is being shipped via FedEx and that a payment of $479.95 has been received from the recipient's e-gold account.

The malicious emails have the subject line:

Track your order

The message body reads as follows:

Dear <email address>,
Please read the following message carefully.

We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold account.
The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there's no mistakes in characteristics of chosen product.
We appreciate your choice!
According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.

IPod For Your, Yahoo Shopping.

Attached to the emails is a file called OrderInf.zip, which unpacks to OrderInfo.exe. Executing this file infects the user's computer with a Trojan horse that attempts to download further malicious code from the internet. The Trojan horse only works on Windows computers, and cannot infect Apple Macs.

"With luck the spelling mistakes in the email will warn many users that there is something not quite right about this email. Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost $500 has been taken from their account," said Graham Cluley, senior technology consultant for Sophos. "But everyone should practise safe computing, and be wary of any unsolicited email attachment that arrives in their inbox. Hackers are aiming to infiltrate the Windows computers of home users in their pursuit of more people to spy on and steal from."

Sophos's anti-virus products were automatically updated to protect against the Troj/Dowdec-A Trojan horse at 09:43 GMT on 29 August 2006.

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktops and servers with automatically updated protection.


About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
