Updated July 2006. © Dynamoo 2006

Spysoftcentral.com Fake "Order Approval Notification" Emails

20th July 2006

The following message is a fake invoice, allegedly from Spysoftcentral.com. In fact, it contains a trojan horse (a type of virus) that will infect your computer with spyware.

    From: "Spysoftcentral Team" <sales@spysoftcentral.com>
    To: [victim]
    Subject: Order Approval Notification

    ****************************************************************************
    SPY DOCTOR / Order : DD269901/
    ****************************************************************************
    This e-mail was generated by a mail handling system. Please do not reply
    to the address listed in the "From" field.
    Please read the CUSTOMER SERVICE section for answers to your questions.
    ****************************************************************************

    Dear Madame/Sir,

    Thank you for your order. Spysoftcentral processes orders and collects payments
    on behalf of PC Tools.

    Your credit card (VISA) has been debited with GBP 79.39 and the level of credit
    card authorization has been changed.
    Please note that "WWW.SPYSOFTCENTRAL.COM" will appear on your credit card
    statement, and not the name of the publisher (PC Tools).

    You will receive detailed information on the shipment in a separate e-mail
    that was sent at the same time as this e-mail.

    *************************************************************************
    SUBSCRIPTION
    The following product involves a subscription:

    Spyware Doctor - 3-months subscription
    Duration of the subscription: Until cancelled
    Payment interval: every 3 months
    Order Date: 19 JUL 2006

    The attachment to this e-mail includes an invoice for your order.

    ****************************************************************************
    TECHNICAL SUPPORT

    If you have any content-related or technical questions about the product,
    please contact PC Tools directly.

    Sincerely,
    Your Spysoftcentral Team
    _____________________________________________________________________

    http://spysoftcentral.com
    _____________________________________________________________________

This email has not been sent by the operators of Spysoftcentral.com, nor is it anything to do with "PC Tools". The aim of this email is to get you to open the zip file, and then run the executable file contained within it. Spysoftcentral.com is not connected with the trojan attached to the email, nor will they bill you.

(Note that this is not an endorsement of Spysoftcentral.com - if you are looking for details on that website we recommend you look at this page).

In this case, there was an attachment called DD269901.zip which unzipped to DD269901.exe, although the name of the attachment may vary.
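
An added example, not part of the original page: a mail-gateway style check that flags zip attachments containing an executable, the delivery method described above, whatever the attachment is called. The sample message is constructed with harmless placeholder bytes; the extension list and the recipient address are assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed list, extend as needed).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment, member) pairs for executables inside zip attachments."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the file name or MIME type: zips start with "PK".
        if not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "(unreadable zip)"))  # cannot inspect: flag it
            continue
        for member in members:
            if os.path.splitext(member.strip())[1].lower() in RISKY_EXTENSIONS:
                findings.append((name, member))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: subject and file names from the email above, harmless payload."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("DD269901.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = '"Spysoftcentral Team" <sales@spysoftcentral.com>'
    msg["To"] = "victim@example.com"  # constructed address
    msg["Subject"] = "Order Approval Notification"
    msg.set_content("The attachment to this e-mail includes an invoice for your order.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="DD269901.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_zip_members(build_sample_message()))
```

Because the check inspects the archive listing rather than matching a signature, it does not depend on any antivirus product already detecting the file.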

As of 22/7/06, the detection rate for the trojan is patchy. According to the excellent VirusTotal site:
 

    Antivirus           Version         Update      Result
    AntiVir             6.35.0.21       07.20.2006  TR/Dldr.Agent.aqj
    Authentium          4.93.8          07.20.2006  W32/Downloader.AEWM
    Avast               4.7.844.0       07.19.2006  no virus found
    AVG                 386             07.20.2006  Downloader.Generic2.GXF
    BitDefender         7.2             07.20.2006  Trojan.Downloader.Agent.ACC
    CAT-QuickHeal       8.00            07.20.2006  TrojanDownloader.Agent.aqj
    ClamAV              devel-20060426  07.20.2006  Trojan.Downloader.Small-1714
    DrWeb               4.33            07.20.2006  Trojan.DownLoader.11018
    eTrust-InoculateIT  23.72.73        07.20.2006  Win32/Difisim.6720!Trojan
    eTrust-Vet          12.6.2303       07.20.2006  no virus found
    Ewido               4.0             07.20.2006  Downloader.Agent.aqj
    Fortinet            2.77.0.0        07.20.2006  W32/Dloadr.AJK!tr
    F-Prot              3.16f           07.20.2006  security risk named W32/Downloader.AEWM
    F-Prot4             4.2.1.29        07.20.2006  W32/Downloader.AEWM
    Ikarus              0.2.65.0        07.20.2006  Trojan.Downloader
    Kaspersky           4.0.2.24        07.20.2006  Trojan-Downloader.Win32.Agent.aqj
    McAfee              4811            07.20.2006  no virus found
    Microsoft           1.1508          07.20.2006  no virus found
    NOD32v2             1.1670          07.20.2006  Win32/TrojanDownloader.Small.NIH
    Norman              5.90.23         07.20.2006  no virus found
    Panda               9.0.0.4         07.20.2006  Trj/Nabload.GX
    Sophos              4.07.0          07.20.2006  Troj/Dloadr-AJK
    Symantec            8.0             07.20.2006  Downloader.Bancos
    TheHacker           5.9.8.178       07.19.2006  no virus found
    UNA                 1.83            07.20.2006  TrojanDownloader.Win32.Agent
    VBA32               3.11.0          07.20.2006  Trojan-Downloader.Win32.Agent.aqj
    VirusBuster         4.3.7:9         07.20.2006  Trojan.DL.Small.CVI

If you have run the executable attached to this email, then you should download or buy a reputable anti-spyware application or anti-virus program to disinfect your system. Unfortunately, we cannot give you specific guidance on how to disinfect your machine.

 
