
Dorf malware scares victims into buying unnecessary software.

Sophos : 20 November, 2007  (Technical Article)
Sophos issues warning about bogus private investigator e-mail which dupes victims into buying security software using scare tactics.
IT security and control firm Sophos is warning of a new Trojan horse that tries to dupe recipients into believing that their telephone conversations are being recorded, in a ruse to ultimately scare people into buying bogus security software for their computer.

According to Sophos, the Dorf-AH Trojan horse has been spammed out attached to an email claiming that the sender is a private detective listening to your phone calls. This 'detective' claims that he will reveal who has paid for the surveillance at a later date, but in the meantime the recipient should listen to a recording of a recent phone call (attached to the email as a password-protected RAR-archived MP3 file). In reality, however, the MP3 file is not an audio file of a telephone conversation, but a malicious executable program that installs malware, which it downloads from a dangerous website, onto the victim's computer.

An extract from a typical email reads as follows:

'I am working in a private detective agency. I can't say my name now. I want to warn you that i'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.

PS I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real.'

Amongst the malware downloaded is a piece of scareware which displays a fake Windows Security Centre alert and tries to convince the victim to purchase bogus security software. Sophos experts note that a hacking gang has been making numerous attempts to infect people using this ruse over the past few weeks - however, initial attempts failed to work properly.

'This attack has gone from defective to detective - these private dicks failed first time round because they made fundamental mistakes in their malware code. Now, in this latest case, the authors' emails are more than capable of infecting the unwary,' said Graham Cluley, senior technology consultant at Sophos. 'If you fall for the trick and try to listen to the alleged recordings of your phone conversations, you'll actually install malware directly onto your PC. Home users and businesses need to defend their email gateways with protection against the latest virus and spam attacks.'


'It may seem hard to believe that anyone would fall for a trick like this, but it wouldn't be a surprise if people tried to run the attachment just out of curiosity,' continued Cluley. 'Some may even assume it is a joke recording and not realise they are putting their computer, and indeed their wallet, in danger.'

Sophos products proactively protect users against this latest version of the Dorf malware. Users of solutions from other vendors are advised to update their protection.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
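The attachment described above, a password-protected RAR whose "MP3" is really an executable, can be triaged at a mail gateway by content rather than by file name. The Python below is an added example, not Sophos code: it flags executable content behind an audio extension and RAR entries that a scanner cannot open because they are encrypted (entry names stay readable unless the archive's headers are encrypted too). The RAR 1.5-4.x header layout, the function names, the audio-extension list and the sample message are assumptions constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

RAR4_MAGIC = b"Rar!\x1a\x07\x00"        # marker block of RAR 1.5-4.x archives
AUDIO_EXT = (".mp3", ".wav", ".wma")    # assumed list of audio file names

def rar4_entries(data):  # yields (name, encrypted) for each file header
    pos = len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            return                        # malformed header: stop instead of looping
        if htype == 0x73 and flags & 0x0080:
            yield ("<encrypted headers>", True)   # archive header: all headers encrypted
            return
        extra = 0
        if flags & 0x8000 and pos + 11 <= len(data):
            (extra,) = struct.unpack_from("<I", data, pos + 7)    # size of data after header
        if htype == 0x74 and pos + 32 <= len(data):               # file header
            (nlen,) = struct.unpack_from("<H", data, pos + 26)
            off = pos + 32 + (8 if flags & 0x0100 else 0)         # skip 64-bit size fields
            name = data[off:off + nlen].split(b"\0")[0].decode("latin-1")
            yield (name, bool(flags & 0x0004))                    # 0x0004: password-protected
        pos += hsize + extra

def triage(raw_eml):  # returns (attachment, reason) pairs a gateway should act on
    findings = []
    for part in message_from_bytes(raw_eml).walk():
        name = part.get_filename()
        body = part.get_payload(decode=True) if name else None
        if not body:
            continue
        if body[:2] == b"MZ" and name.lower().endswith(AUDIO_EXT):
            findings.append((name, "executable behind audio extension"))
        if body.startswith(RAR4_MAGIC):
            findings += [(name, f"unscannable encrypted entry: {e}")
                         for e, enc in rar4_entries(body) if enc]
    return findings

def sample_eml():  # constructed message: RAR4 header layout only, CRC fields zeroed
    fname = b"call_record.mp3"
    main = struct.pack("<HBHH", 0, 0x73, 0, 13) + bytes(6)
    fhdr = struct.pack("<HBHHIIBIIBBHI", 0, 0x74, 0x8004, 32 + len(fname),
                       4, 4, 2, 0, 0, 29, 0x33, len(fname), 0x20) + fname
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(RAR4_MAGIC + main + fhdr + bytes(4), maintype="application",
                       subtype="octet-stream", filename="record.rar")
    return msg.as_bytes()
```

Calling `triage(sample_eml())` reports the encrypted `call_record.mp3` entry inside `record.rar`; a gateway policy would typically quarantine such a message because the entry's content cannot be inspected.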

   © 2012 ProSecurityZone.com