Spysoftcentral.com Fake "Order Approval Notification" Emails
20th July 2006
The following message is a fake invoice, allegedly from Spysoftcentral.com. In fact, it contains a trojan horse (a type of virus) that will infect your computer with spyware.
From: "Spysoftcentral Team" <sales@spysoftcentral.com>
To: [victim]
Subject: Order Approval Notification
****************************************************************************
SPY DOCTOR / Order : DD269901/
****************************************************************************
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.
****************************************************************************
Dear Madame/Sir,
Thank you for your order. Spysoftcentral processes orders and collects payments
on behalf of PC Tools.
Your credit card (VISA) has been debited with GBP 79.39 and the level of credit
card authorization has been changed.
Please note that "WWW.SPYSOFTCENTRAL.COM" will appear on your credit card
statement, and not the name of the publisher (PC Tools).
You will receive detailed information on the shipment in a separate e-mail
that was sent at the same time as this e-mail.
*************************************************************************
SUBSCRIPTION
The following product involves a subscription:
Spyware Doctor - 3-months subscription
Duration of the subscription: Until cancelled
Payment interval: every 3 months
Order Date: 19 JUL 2006
The attachment to this e-mail includes an invoice for your order.
****************************************************************************
TECHNICAL SUPPORT
If you have any content-related or technical questions about the product,
please contact PC Tools directly.
Sincerely,
Your Spysoftcentral Team
_____________________________________________________________________
http://spysoftcentral.com
_____________________________________________________________________
This email has not been sent by the operators of Spysoftcentral.com, nor is it anything to do with "PC Tools". The aim of this email is to get you to open the zip file, and then run the executable file contained within it. Spysoftcentral.com is not connected with the trojan attached to the email, nor will they bill you.
(Note that this is not an endorsement of Spysoftcentral.com - if you are looking for details on that website we recommend you look at this page).
In this case, there was an attachment called DD269901.zip which unzipped to DD269901.exe, although the name of the attachment may vary.
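As an added illustration (not part of the original post), a mail-gateway check in Python that flags the delivery pattern described above: a zip attachment wrapping an executable. It decides on the archive's content rather than the filename, so a varying attachment name does not help the sender. The sample message and its placeholder payload are constructed here; they are not the real attachment.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File types Windows runs directly on double-click; the lure relies on the
# victim doing exactly that with the file inside the zip.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executables_in_zip(data: bytes) -> list[str]:
    """Names of executable members inside a zip archive; [] if data is not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return [name for name in archive.namelist()
                    if name.lower().endswith(tuple(EXECUTABLE_EXTENSIONS))]
    except zipfile.BadZipFile:
        return []


def suspicious_attachments(msg: EmailMessage) -> list[tuple[str, str]]:
    """(attachment filename, executable member) for each zip attachment that
    wraps an executable. Decided on content, so a renamed attachment still trips it."""
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        for member in executables_in_zip(payload):
            findings.append((part.get_filename() or "(unnamed)", member))
    return findings


def build_sample_message() -> EmailMessage:
    """Constructed look-alike of the message quoted above. The zip holds a
    harmless text placeholder named like the trojan, not the real DD269901.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("DD269901.exe", b"placeholder, not a program")
    msg = EmailMessage(policy=policy.default)
    msg["From"] = '"Spysoftcentral Team" <sales@spysoftcentral.com>'
    msg["To"] = "victim@example.invalid"        # constructed recipient
    msg["Subject"] = "Order Approval Notification"
    msg.set_content("The attachment to this e-mail includes an invoice for your order.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="DD269901.zip")
    return msg


if __name__ == "__main__":
    for filename, member in suspicious_attachments(build_sample_message()):
        print(f"QUARANTINE: {filename} contains executable {member}")
```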
As of 22/7/06, the detection rate for the trojan is patchy. According to the excellent VirusTotal site:
Antivirus          | Version        | Update     | Result
-------------------|----------------|------------|------------------------------------------
AntiVir            | 6.35.0.21      | 07.20.2006 | TR/Dldr.Agent.aqj
Authentium         | 4.93.8         | 07.20.2006 | W32/Downloader.AEWM
Avast              | 4.7.844.0      | 07.19.2006 | no virus found
AVG                | 386            | 07.20.2006 | Downloader.Generic2.GXF
BitDefender        | 7.2            | 07.20.2006 | Trojan.Downloader.Agent.ACC
CAT-QuickHeal      | 8.00           | 07.20.2006 | TrojanDownloader.Agent.aqj
ClamAV             | devel-20060426 | 07.20.2006 | Trojan.Downloader.Small-1714
DrWeb              | 4.33           | 07.20.2006 | Trojan.DownLoader.11018
eTrust-InoculateIT | 23.72.73       | 07.20.2006 | Win32/Difisim.6720!Trojan
eTrust-Vet         | 12.6.2303      | 07.20.2006 | no virus found
Ewido              | 4.0            | 07.20.2006 | Downloader.Agent.aqj
Fortinet           | 2.77.0.0       | 07.20.2006 | W32/Dloadr.AJK!tr
F-Prot             | 3.16f          | 07.20.2006 | security risk named W32/Downloader.AEWM
F-Prot4            | 4.2.1.29       | 07.20.2006 | W32/Downloader.AEWM
Ikarus             | 0.2.65.0       | 07.20.2006 | Trojan.Downloader
Kaspersky          | 4.0.2.24       | 07.20.2006 | Trojan-Downloader.Win32.Agent.aqj
McAfee             | 4811           | 07.20.2006 | no virus found
Microsoft          | 1.1508         | 07.20.2006 | no virus found
NOD32v2            | 1.1670         | 07.20.2006 | Win32/TrojanDownloader.Small.NIH
Norman             | 5.90.23        | 07.20.2006 | no virus found
Panda              | 9.0.0.4        | 07.20.2006 | Trj/Nabload.GX
Sophos             | 4.07.0         | 07.20.2006 | Troj/Dloadr-AJK
Symantec           | 8.0            | 07.20.2006 | Downloader.Bancos
TheHacker          | 5.9.8.178      | 07.19.2006 | no virus found
UNA                | 1.83           | 07.20.2006 | TrojanDownloader.Win32.Agent
VBA32              | 3.11.0         | 07.20.2006 | Trojan-Downloader.Win32.Agent.aqj
VirusBuster        | 4.3.7:9        | 07.20.2006 | Trojan.DL.Small.CVI
If you have run the executable attached to this email, then you should download or buy a reputable anti-spyware application or anti-virus program to disinfect your system. Unfortunately, we cannot give you specific guidance on how to disinfect your machine.