
Dorf malware scares victims into buying unnecessary software.

Sophos : 20 November, 2007  (Technical Article)
Sophos issues warning about bogus private investigator e-mail which dupes victims into buying security software using scare tactics.
IT security and control firm Sophos is warning of a new Trojan horse that tries to dupe recipients into believing that their telephone conversations are being recorded, in a ruse to ultimately scare people into buying bogus security software for their computer.

According to Sophos, the Dorf-AH Trojan horse has been spammed out attached to an email claiming that the sender is a private detective listening to your phone calls. This 'detective' claims that he will reveal who has paid for the surveillance at a later date, but in the meantime the recipient should listen to a recording of a recent phone call (attached to the email as a password-protected RAR-archived MP3 file). In reality, however, the MP3 file is not an audio file of a telephone conversation, but a malicious executable program that installs malware, which it downloads from a dangerous website, onto the victim's computer.
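The disguise described above, an executable presented as an MP3 recording, can be caught by comparing a file's leading bytes with the type its name claims. The following is an added example, not code from Sophos or the original article. It assumes the file has already been extracted from its archive, and the file names, verdict strings and sample bytes are constructed for illustration.

```python
import struct

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def looks_like_mp3(data: bytes) -> bool:
    """True if data starts with an ID3v2 tag or an MPEG audio frame header."""
    if data[:3] == b"ID3":
        return True
    # Frame sync is 11 set bits; the two layer bits must not be the reserved 00.
    return (len(data) >= 2 and data[0] == 0xFF
            and (data[1] & 0xE0) == 0xE0 and (data[1] & 0x06) != 0)

def classify_attachment(name: str, data: bytes) -> str:
    """Hypothetical gateway policy: verdict for one extracted attachment."""
    claims_mp3 = name.lower().endswith(".mp3")
    if looks_like_pe(data):
        return "block-disguised-executable" if claims_mp3 else "block-executable"
    if claims_mp3 and not looks_like_mp3(data):
        return "quarantine-type-mismatch"
    return "allow"

# Constructed samples (not taken from the real malware).
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
REAL_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10
BARE_FRAME = b"\xff\xfb\x90\x00" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("call_record.mp3", FAKE_PE), ("song.mp3", REAL_MP3),
                       ("clip.mp3", BARE_FRAME), ("notes.mp3", b"plain text")]:
        print(name, "->", classify_attachment(name, blob))
```
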

An extract from a typical email reads as follows:

'I am working in a private detective agency. I can't say my name now. I want to warn you that i'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.

PS I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real.'

Amongst the malware downloaded is a piece of scareware which displays a fake Windows Security Centre alert and tries to convince the victim to purchase bogus security software. Sophos experts note that a hacking gang has been making numerous attempts to infect people using this ruse over the past few weeks - however, initial attempts failed to work properly.

'This attack has gone from defective to detective - these private dicks failed first time round because they made fundamental mistakes in their malware code. Now, in this latest case, the authors' emails are more than capable of infecting the unwary,' said Graham Cluley, senior technology consultant at Sophos. 'If you fall for the trick and try to listen to the alleged recordings of your phone conversations, you'll actually install malware directly onto your PC. Home users and businesses need to defend their email gateways with protection against the latest virus and spam attacks.'

'It may seem hard to believe that anyone would fall for a trick like this, but it wouldn't be a surprise if people tried to run the attachment just out of curiosity,' continued Cluley. 'Some may even assume it is a joke recording and not realise they are putting their computer, and indeed their wallet, in danger.'

Sophos products proactively protect users against this latest version of the Dorf malware. Users of solutions from other vendors are advised to update their protection.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
