Sophos

27 February 2006

Clagger-H Trojan spammed out as message from PayPal

Beware warning that your PayPal account is "temporally limited"

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of emails claiming that their PayPal account has been "temporally limited", after a Trojan horse was spammed to internet users. Sophos's global network of monitoring stations has sighted many instances of the Trojan since it was first discovered on Friday 24 February.

The Troj/Clagger-H Trojan horse has been distributed as an attachment in emails with the following characteristics:

Subject: Notification: Your Account Temporally Limited

Message body:

Dear PayPal customer!

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We recently received a report of credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.You can check your transaction details in attachment.

Case ID Number: RR-0922-014

If, after reviewing your transaction information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely, PayPal Account Review Department

PayPal Email ID RR-0922

"This Trojan horse has been aggressively seeded by its creator, using spam technology, to distribute malicious code to as many vulnerable computers as possible, in the shortest amount of time," said Graham Cluley, senior technology consultant at Sophos. "However, a simple spelling mistake in the subject line should alert innocent recipients that this isn't a genuine message from PayPal. A real message from PayPal would never contain an attached executable file, and people should always think carefully before running unsolicited code on their computer."

Sophos customers have been automatically protected against the Trojan horse since 14:43 GMT, 24 February 2006.

"Many people coming into work on Monday morning may have found this email in their inbox," continued Cluley. "Anyone unfortunate enough to run this program is running the risk of allowing hackers to gain access to their computer to spy, steal and cause havoc."

Sophos recommends that companies protect their email with a consolidated solution to thwart virus, spyware and spam threats, and secure their desktops and servers with automatically updated anti-virus protection.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
