Wednesday, 30 August 2006

Trojan Hidden in iPod Spam Threatens User Data: Sophos

Sophos has announced a Trojan horse that has been spammed out claiming to be a notification that an Apple iPod MP3 player has been shipped to them. The Dowdec-A Trojan horse arrives in an e-mail, which pretends that an Apple iPod has been shipped to you, and your account has been charged almost 500 US dollars.

According to the malicious e-mail, the iPod is being shipped via FedEx and that a payment of 479.95 US dollars has been received from the recipient's e-gold account.

The e-mail arrives with the subject line 'Track your order' and says, "We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828. The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file(...) IPod For Your, Yahoo Shopping."

It goes on to state - "We appreciate your choice! According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.” ' Security firm Sophos warned that a file called OrderInf.zip, which unpacks to OrderInfo.exe, is attached to the e-mail.

Executing this file infects the user's computer with a Trojan that attempts to download further malicious code from the Internet. The Trojan only works on Windows computers, and cannot infect Apple Macs.

Graham Cluley senior technology consultant Sophos said, "with luck the spelling mistakes in this e-mail will warn many users that there is something not quite right about it."

"Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost 500 US dollars has been taken from their account.

"But everyone should practice safe computing, and be wary of any unsolicited e-mail attachment that arrives in their inbox. Hackers are aiming to infiltrate the Windows computers of home users in their pursuit of more people to spy on and steal from."