'Anti-spyware' Trojan hits 100,000 UK firms

An email claiming to originate from an anti-spyware company is being used to spread a new Trojan downloader, security experts warned today.

BlackSpider Technologies said that the email is a classic example of social engineering.

It purports to come from the customer service department of a legitimate anti-spyware company confirming a subscription to one of its products and the deduction of £79.39 from the recipient's credit card account.

The email goes on to claim that the attachment contains the detailed invoice, but it actually contains the Downloader.Bancos Trojan which can be used to download new malware onto the PC.

The virus enjoyed a window of exposure of just three and a half hours, according to BlackSpider.

It was first seen by the firm at 10:06 GMT on 20 July and 100,000 of the virus-laden emails were sent to UK businesses before it was finally patched at 13:40.

The body of the email reads:

Dear Madame/Sir

Thank you for your order. Spysoftcentral processes orders and collects payments on behalf of PC Tools.

Your credit card (VISA) has been debited with GBP 79.39 and the level of credit card authorization has been changed.

Please note that "www.spysoftcentral.com" will appear on your credit card statement, and not the name of the publisher (PC Tools).

You will receive detailed information on the shipment in a separate e-mail that was sent at the same time as this e-mail.

James Kay, chief technology officer at BlackSpider, said: "This is not the first time virus writers have used PC users' anxiety over spyware to entice them to open a malicious attachment.

"As far as social engineering goes, I would not be surprised if lots of people were duped by this ploy."