The Dowdec-A trojan arrives in the messages claiming to be related to the purchase of an iPod. The emails claim that the music player is being shipped via FedEx and that a payment of US$479.95 has been received from the recipient's e-gold account.
The malicious emails have the subject line 'Track your order'. The message body reads as follows:
Please read the following message carefully.
We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
The amount of US$479.95 USD was recieved from your e-gold account.
The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there's no mistakes in characteristics of chosen product.
We appreciate your choice!
According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.
IPod For Your, Yahoo Shopping.'
Security firm Sophos warned that a file called OrderInf.zip, which unpacks to OrderInfo.exe, is attached to the emails.
Executing this file infects the user's computer with a trojan that attempts to download further malicious code from the internet. The trojan only works on Windows computers, and cannot infect Apple Macs.
"With luck the spelling mistakes in this email will warn many users that there is something not quite right about it," said Graham Cluley, senior technology consultant at Sophos.
"Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost US$500 has been taken from their account.
"But everyone should practise safe computing, and be wary of any unsolicited email attachment that arrives in their inbox. Hackers are aiming to infiltrate the Windows computers of home users in their pursuit of more people to spy on and steal from."