Emails from a private investigator lead to malware infection

Dark Reading Staff, Dark Reading

November 20, 2007

BOSTON -- IT security and control firm Sophos is warning of a new Trojan horse that tries to dupe recipients into believing that their telephone conversations are being recorded, with the ultimate aim of scaring them into buying bogus security software for their computers.

According to Sophos, the Dorf-AH Trojan horse has been spammed out attached to an email claiming that the sender is a private detective listening to your phone calls. This 'detective' claims that he will reveal who has paid for the surveillance at a later date, but in the meantime the recipient should listen to a recording of a recent phone call (attached to the email as a password-protected RAR-archived MP3 file). In reality, however, the MP3 file is not an audio file of a telephone conversation, but a malicious executable program that installs malware, which it downloads from a dangerous website, onto the victim's computer.
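
As an added illustration (not from Sophos or the original article), here is a gateway-side check for the two traits described above: content whose leading bytes mark it as a Windows executable despite an audio file name, and a RAR archive whose entries are password-protected and so cannot be scanned. The function names, the audio-extension list, the verdict labels and the sample archive are assumptions constructed for this example, and the RAR parsing covers the RAR 4.x header layout only.

```python
import os
import struct

RAR_MARKER = b"Rar!\x1a\x07\x00"       # RAR 1.5-4.x marker block
AUDIO_EXTS = {".mp3", ".wav", ".wma"}  # assumption: names the gateway treats as audio

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(b"MZ"):
        return "executable"            # DOS/PE header
    if data.startswith(RAR_MARKER):
        return "rar"
    # MP3 starts with an ID3v2 tag or an MPEG frame sync (11 set bits).
    frame_sync = len(data) > 1 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0
    if data.startswith(b"ID3") or frame_sync:
        return "mp3"
    return "unknown"

def rar_is_password_protected(data: bytes) -> bool:
    """Walk RAR 4.x block headers (CRC, type, flags, size) for encryption flags."""
    pos = len(RAR_MARKER)
    while pos + 7 <= len(data):
        block_type = data[pos + 2]
        flags, size = struct.unpack_from("<HH", data, pos + 3)
        # 0x73 = archive header (0x0080: headers encrypted),
        # 0x74 = file header (0x0004: entry encrypted with a password).
        if (block_type == 0x73 and flags & 0x0080) or (block_type == 0x74 and flags & 0x0004):
            return True
        if size < 7:
            break                      # malformed header, stop walking
        has_extra = flags & 0x8000 and pos + 11 <= len(data)
        extra = struct.unpack_from("<I", data, pos + 7)[0] if has_extra else 0
        pos += size + extra            # skip header plus any packed data
    return False

def verdict(filename: str, data: bytes) -> str:
    ext = os.path.splitext(filename.lower())[1]
    kind = sniff(data)
    if kind == "executable" and ext in AUDIO_EXTS:
        return "block"                 # executable content behind an audio name
    if kind == "rar" and rar_is_password_protected(data):
        return "hold"                  # contents cannot be scanned at the gateway
    return "pass"

def sample_rar(encrypted: bool) -> bytes:
    """Constructed minimal RAR 4.x header chain (CRCs zeroed, no packed data)."""
    name = b"call.mp3"
    main = struct.pack("<HBHH", 0, 0x73, 0, 13) + bytes(6)
    flags = 0x8000 | (0x0004 if encrypted else 0)
    file_hdr = struct.pack("<HBHH", 0, 0x74, flags, 32 + len(name)) + bytes(25) + name
    return RAR_MARKER + main + file_hdr
```
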

An extract from a typical email reads as follows:

'I am working in a private detective agency. I can't say my name now. I want to warn you that I'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.

P.S. I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real.'

Among the malware downloaded is a piece of scareware that displays a fake Windows Security Center alert and tries to convince the victim to purchase bogus security software. Sophos experts note that a hacking gang has made numerous attempts to infect people using this ruse over the past few weeks; however, the initial attempts failed to work properly.

"This latest scam is evidence of the lengths hackers will go to infect unknowing consumers," said Mike Haro, senior security analyst at Sophos. "These hackers failed the first time around because they made fundamental mistakes in their malware code. Their second try has been much more successful and can install malware directly onto your PC if you try to listen to the alleged recordings of your phone conversations. Home users and businesses need to defend their email gateways with protection against the latest virus and spam attacks."

Sophos plc
