The security vendor said the attachment actually contains the Troj/Dorf-AH Trojan horse, an executable program that installs malware. Furthermore, the sender claims it’s a "detective" who will reveal who has paid for the phone tapping at a later date, but attempts to persuade its victims to open the attachment and listen to the recording.
The email reads: “I am working in a private detective agency. I can't say my name now. I want to warn you that I'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.
"P.S. I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real."
According to Graham Cluley, senior technology consultant at Sophos: "It's a case of from defective to detective for this attack. The first spam-run of this Trojan horse failed for the malware authors because they made fundamental mistakes in their code. Now their emails are capable of infecting the unwary, while posing as a private investigator."
Sophos experts note that a hacking gang has been making different attempts to infect people with this ruse for a couple of weeks, however initial attempts failed to work properly.
"It may seem hard to believe that anyone would fall for a trick like this, but it wouldn't be a surprise if people tried to run the attachment just out of curiosity,” Cluley said.
Sophos tap into phone tapping spam
By Staff Writers on Nov 21, 2007 5:19PM