E-mail Claims to Intercept Phone Lines Installs Trojan

Security firm Sophos is cautioning users to be wary of a Trojan that has just started circulating through spam mails crafted to blackmail recipients that their phone calls were being monitored and ultimately to scare them into purchasing counterfeit security software to defend their computer systems.

The Trojan Troj/Dorf-AH is being distributed as a spam attachment that claims to be from a private investigator intercepting the recipient's telephone conversations. The e-mail sender promises to disclose the person who hired him for the job but currently asks the recipient to listen to an audio tape of one of his/her recent telephone calls attached as a password-protected MP3 file.

According to a sample e-mail, the sender introduces himself as a member of a private investigating agency. Without revealing his name, he tells about his plan to tap the recipient's telephone line. Then he says he would tell about the person who paid him in his next e-mail. But meanwhile, the recipient should listen to the telephone conversation the sender recorded to believe everything, the e-mail author stresses.

Sophos notes that among the various malware installed onto contaminated PCs, this item is a scareware that pops up a fraudulent alert via the Windows Security Center in an attempt to ruse victims into buying phony security software.

Sophos also said that the scammers delivering the scareware were gambling with it unsuccessfully for weeks until they found the recent tactic of sending a frightening message supposedly from a detective. Senior Technology Consultant for Sophos, Graham Cluley, said that the initial clicks on the file attachments failed because the malware code had fundamental mistakes. Now in the latest tick, the spam mails are capable of doing more than just infecting innocent users. TheRegister published Cluley's statement on November 20, 2007.

Cluley further said that people falling for the trick may be something difficult to believe but not surprising if they run the audio attachment out of sheer curiosity. Web User published this on November 20, 2007. While some may think the recording is a joke, they may not realize that their computer is in danger, Cluley added.

Related article: E-Crime Reporting Format To Be Launched in July

» SPAMfighter News - 12/4/2007