Thursday, 24 August 2006

Credit Card Chargeback Trojan on the Prowl

Sophos's global network of virus, spyware and Spam analysis centers, have warned of a Trojan horse that has been spammed out claiming that the recipient's credit card has been charged over 125 pounds.

The Trojan, dubbed Dloadr.AMA, arrives in an e-mail that claims to come from a company called Cihost, and has the subject line [paycheck 322082] Credit Card Chargeback. If you run the e-mail attachment called PAYCHECK.ZIP, it unpacks to install a Trojan that will attempt to download further malicious code from the Internet.

The message body reads as follows:

"Sir,
We have received a notice from your card service stating that there was a chargeback made by the owner of the card that you paid for your account with. This is a very serious matter.

I have deducted the amount of the chargeback, GBP 102.10, from your account and added our standard fee of GBP 23.95 as well. (You can see your payment details in attachment.)

If there was some mistake, please let us know immediately so that we can get this situation resolved. We ask that you have the chargeback removed as soon as possible, as our account has already been debited for the amount in question.

If you would prefer to make your payment using a new payment method that would be fine as well (you can use a different credit card or you may send a money order payable to Cihost).

This is a time sensitive issue and must be resolved promptly at the request of the card service. Please e-mail the billing team using the Web Administration Panel with information about how you are going to deal with this situation.

I thank you for your time and hope to hear from you soon."