The Troj/Dorf-AH Trojan horse has been spammed out attached to an e-mail claiming that the sender is a private detective listening to your phone calls. The "detective" claims that he will reveal who has paid for the surveillance at a later date, but that in the meantime the recipient should listen to a recording of a recent phone call (which is attached to the e-mail as a password-protected RAR-archived MP3 file).
A typical e-mail reads, in part, as follows:
I am working in a private detective agency. I can't say my name now. I want to warn you that i'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.
P.S. I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real.
In reality, however, the MP3 file is not an audio file of a telephone conversation, but a malicious executable program that downloads further malware from a dangerous Web site and installs it on the victim's computer. Among these downloads is a piece of scareware that displays a fake Windows Security Center alert and tries to convince the victim to purchase bogus security software.
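A defender's check for the disguise described above, as an added example that is not part of the original article: it flags a file presented as an MP3 whose header is actually a Windows executable. The file names, extension lists and sample bytes are constructed for illustration, and the check assumes the file has already been extracted from the password-protected archive.

```python
import struct

AUDIO_EXTS = {".mp3"}                            # what the lure claims to be
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}     # assumed list of Windows executable extensions

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def looks_like_mp3(data: bytes) -> bool:
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if data[:3] == b"ID3":
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0

def check_attachment(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the leading bytes say."""
    exts = ["." + e for e in name.lower().split(".")[1:]]
    if not any(e in AUDIO_EXTS for e in exts):
        return "not-claimed-audio"
    if is_pe(data):
        return "executable-posing-as-audio"
    if exts[-1] in EXEC_EXTS:
        return "double-extension"
    if not looks_like_mp3(data):
        return "content-mismatch"
    return "ok"

def make_sample_pe() -> bytes:
    """Constructed, inert header: 'MZ', e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + bytes(20)

SAMPLE_PE = make_sample_pe()
SAMPLE_MP3 = b"ID3\x03\x00" + bytes(16)          # constructed ID3v2 header stub

if __name__ == "__main__":
    for name, data in [("record.mp3", SAMPLE_PE), ("record.mp3.exe", SAMPLE_MP3),
                       ("song.mp3", SAMPLE_MP3), ("song.mp3", b"plain text")]:
        print(f"{name:16} {check_attachment(name, data)}")
```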
Experts note that a hacking gang has been making different attempts to infect people with this ruse for a couple of weeks; however, the initial attempts failed to work properly.
"The first spam-run of this Trojan horse failed for the malware authors because they made fundamental mistakes in their code. Now their e-mails are capable of infecting the unwary, while posing as a private investigator," said Graham Cluley, senior technology consultant at Sophos. "If you fall for the trick and try and listen to the alleged recordings of your phone conversations then you will actually be unwittingly installing malware directly onto your PC. Home users and businesses need to defend their e-mail gateways with protection against the latest virus and spam attacks."