Information Security Bulletin

100,000 UK Business Hit by Fake Anti-Spyware Trojan Email

21 Jul 04:02

An email claiming to be from an anti-spyware company is being used to spread a new Trojan-downloader, according to BlackSpider Technologies, the on-demand security service from SurfControl plc.

The email is a classic example of social engineering. It is purportedly from the customer service department of a legitimate anti-spyware company confirming subscription to one of its products and the deduction of 79.39 from the recipients credit card account. The email claims that the attachment contains the detailed invoice when the attachment is opened, however, Trojan-Downloader.Bancos is downloaded. The Trojan can then be used to download new malware on to the PC.

The virus enjoyed a window of exposure of a little more than three-and-a-half hours: the email was first seen by BlackSpider at 10:06 (20 July) and 100,000 of the virus-laden emails were sent to UK businesses before it was finally patched at 13:40 (20 July).

The body of the email reads:

SPY DOCTOR / Order : DD269901/
This e-mail was generated by a mail handling system. Please do not reply to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.

Dear Madame/Sir,

Thank you for your order. Spysoftcentral processes orders and collects payments on behalf of PC Tools.

Your credit card (VISA) has been debited with GBP 79.39 and the level of credit card authorization has been changed.

Please note that "WWW.SPYSOFTCENTRAL.COM" will appear on your credit card statement, and not the name of the publisher (PC Tools).

You will receive detailed information on the shipment in a separate e-mail that was sent at the same time as this e-mail.

SUBSCRIPTION
The following product involves a subscription:

Spyware Doctor - 3-months subscription
Duration of the subscription: Until cancelled Payment interval: every 3 months Order Date: 19 JUL 2006

The attachment to this e-mail includes an invoice for your order.

TECHNICAL SUPPORT

If you have any content-related or technical questions about the product, please contact PC Tools directly.

Sincerely,
Your Spysoftcentral Team

James Kay, CTO, BlackSpider Technologies, comments: This is not the first time virus writers have used PC users anxiety over spyware to entice them to open a malicious attachment. As far as social engineering goes, I wouldnt be surprised at all if lots of people were duped by this ploy.

Related links: (Open in a new window.)
www.blackspider.com

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!