Erap Estrada Trojan horse threat overhyped

Sophos Press Release

Some users have been alarmed today by reports from the National Infrastructure Protection Center (NIPC) about a new Trojan horse called Erap Estrada or Philippines Trojan horse. According to the NIPC alert an email is spreading with the subject line "Erap Estrada" (the nickname of the President of the Philippines, Joseph Estrada) with a malicious attachment.

Sophos Anti-Virus researchers have determined that the malicious attachment is in fact a Trojan horse called Troj/DonaldDick (also known as DonaldD or DonaldD.Trojan).

"Reports of attacks by Troj/DonaldDick seem to have been grossly exaggerated by the media," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "There seem to be more emails being sent back-and-forth about this 'threat' than actual sightings."

Troj/DonaldDick was first discovered in September 1999, and should pose no threat to companies who have kept their anti-virus protection up to date.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at