Summary

| Affected operating systems | Windows |
|---|---|
| Included in our products from | April 2006 (4.04) |
| Protection available since | 24 February 2006 14:43:58 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Clagger-H is a Trojan for the Windows platform.
Troj/Clagger-H includes functionality to download, install and run new software.
The Trojan horse has been seen spammed out in emails with the following characteristics:
Subject: Notification: Your Account Temporally Limited
Message body:
Dear PayPal customer!
As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your account.We requested
information from you for the following reason:
We recently received a report of credit card use associated with this account. As a precaution, we
have limited access to your PayPal account in order to protect against future unauthorized
transactions.You can check your transaction details in attachment.
Case ID Number: RR-0922-014
If, after reviewing your transaction information, you
seek further clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking "Contact Us".
We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
PayPal Email ID RR-0922
Troj/Clagger-H attempts to download the file suhoy.exe to the Windows folder and run it. This file is detected as Troj/CashGrab-N.
The following registry entries are set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FiREWaLLpolicy\StAnDaRDPrOFiLe\AUtHorizedapplications\List
<pathname of the Trojan executable>
<current folder>\<original filename>:*:ENABLED:_
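
The firewall entry described above can be looked for in an exported copy of the key. This is an added example, not Sophos code: it parses constructed `reg query`-style output, matches the key name case-insensitively (registry key names are case-insensitive, so the mixed-case spelling above is the same key), and flags entries shaped like the one described (scope `*`, enabled, display name `_`). The sample paths and function names are assumptions.

```python
import re

# Key from the description, lower-cased for case-insensitive comparison.
LIST_KEY = (r"system\currentcontrolset\services\sharedaccess\parameters"
            r"\firewallpolicy\standardprofile\authorizedapplications\list")

# Value data layout: <path>:<scope>:<status>:<display name>.
# The path contains a drive colon, so match it lazily up to the status field.
ENTRY = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<status>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

def parse_reg_query(text):
    """Yield (value_name, fields) for REG_SZ values under the List key."""
    in_key = False
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            # A new key header: only collect values that belong to the List key.
            in_key = line.strip().lower().endswith(LIST_KEY)
            continue
        if not in_key or "    REG_SZ    " not in line:
            continue
        value_name, _, data = line.strip().partition("    REG_SZ    ")
        match = ENTRY.match(data.strip())
        if match:
            yield value_name.strip(), match.groupdict()

def suspicious_entries(text):
    """Return paths whose entry has scope '*', status enabled and name '_'."""
    return [
        f["path"] for _, f in parse_reg_query(text)
        if f["scope"] == "*" and f["status"].lower() == "enabled" and f["name"] == "_"
    ]

# Constructed sample output; the paths are placeholders, not values from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FiREWaLLpolicy\StAnDaRDPrOFiLe\AUtHorizedapplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Temp\attachment.exe    REG_SZ    C:\Temp\attachment.exe:*:ENABLED:_
    C:\Tools\agent.exe    REG_SZ    C:\Tools\agent.exe:LocalSubNet:Disabled:_
"""

if __name__ == "__main__":
    for path in suspicious_entries(SAMPLE):
        print("review firewall exception:", path)
```

A hit is a lead for review rather than a verdict; confirm it against the file at the listed path.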
