Application security

Bogus Amazon email hides phishing trojan

IT security experts warned internet users yesterday to be wary of emails claiming to come from Amazon that threaten to delete more than 300 pounds sterling from recipients' credit cards.

The mails are actually acting as a vector for the Clagger-K trojan, which if activated by unwitting recipients, could allow a remote hacker to take full control of their PCs.

The spam emails, which are spreading globally, typically have the following characteristics:

"From: Subject: Your payment done.

'Message text:
'Dear customer!
We're writing to let you know that we've initiated a transfer from your bank account
(Last 4-digits: 0402) for the following amount:

GBP 313.14 (ORDER #0220873 , DATE #20.03.2006)

Funds should leave account in approximately three to five working days.

See your statement details in attachment.

To review your account at any time, please access your Account Summary If you have any questions or concerns regarding this settlement, please contact us at [email protected] Marketplace -- Amazon Services Europe S.a.r.l. Sell Your Stuff

Attached file: STATEMENT_#0220873.exe"

"These emails do not really come from Amazon, and clicking on the attached file will install a malicious trojan horse on your computer," said Graham Cluley, senior technology consultant at Sophos. "Once it has slipped under your radar, this trojan is capable of downloading further malicious code from the internet, giving hackers access to your PC. A real message from Amazon would never contain an attached executable file, and people should always think carefully before running unsolicited code on their computer."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.