Troj/Dloadr-AMA

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Included in our products from	October 2006 (4.10)
Protection available since	23 August 2006 08:37:41 (GMT)
Detected by	All Sophos products

Troj/DLoadr-AMA is a downloader Trojan for the Windows platform.

Troj/DLoadr-AMA has been spammed out in email messages with the following characteristics:

Attachment name: PAYCHECK.ZIP, unpacks to paycheck_322082.exe

Subject: [paycheck 322082] Credit Card Chargeback

Message text:

Sir,

We have received a notice from your card service stating that there was a chargeback made by the owner of the card that you paid for

your account with. This is a very serious matter.

I have deducted the amount of the chargeback, GBP 102.10, from your account and added our standard fee of GBP 23.95 as well. (You can

see your payment details in attachment.)

If there was some mistake, please let us know immediately so that we

can get this situation resolved. We ask that you have the chargeback

removed as soon as possible, as our account has already been debited for the amount in question.

If you would prefer to make your payment using a new payment

method that would be fine as well (you can use a different credit card or you may send a money order payable to Cihost).

This is a time sensitive issue and must be resolved promptly at the

request of the card service. Please email the billing team using the Web Administration Panel with information about how you are going

to deal with this situation.

I thank you for your time and hope to hear from you

soon.

See your payment details in attachment.

Sincerely,

Frank J. Cornwell

Cihost Billing Management

Get reports about the latest virus and spyware threats delivered to your computer