Trojan Horse being sent by?

leesmithg

Answer is sales@spysoftcentral.com.

You also receive a message like the one below.

---

****************************************************************************
SPY DOCTOR / Order : DD269901/
****************************************************************************
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.
****************************************************************************

Dear Madame/Sir,

Thank you for your order. Spysoftcentral processes orders and collects payments
on behalf of PC Tools.

Your credit card (VISA) has been debited with GBP 79.39 and the level of credit
card authorization has been changed.
Please note that "WWW.SPYSOFTCENTRAL.COM" will appear on your credit card
statement, and not the name of the publisher (PC Tools).

You will receive detailed information on the shipment in a separate e-mail
that was sent at the same time as this e-mail.

*************************************************************************
SUBSCRIPTION
The following product involves a subscription:

Spyware Doctor - 3-months subscription
Duration of the subscription: Until cancelled
Payment interval: every 3 months
Order Date: 19 JUL 2006

The attachment to this e-mail includes an invoice for your order.

****************************************************************************
TECHNICAL SUPPORT

If you have any content-related or technical questions about the product,
please contact PC Tools directly.

Sincerely,
Your Spysoftcentral Team
_____________________________________________________________________

http://spysoftcentral.com
_____________________________________________________________________

---

It contains an attachment named 'DD269901.zip'
It's called 'Downloader.Bancos'

Details can be found here


It's an information stealer. Seems like it's being mass mailed as it went to my unique hotmail.co.uk account.

Browntoa

spoof emails as well

http://www.spysoftcentral.com/

News:

07/21/06 I've notified the proper authorities (ic3.gov) internet
crimes division of the email spoofs. All customers
are reporting the same thing that they have a
fraudlent charge from the payee of this website and
the order#dd26990.

Please understand that the charges you may have
received on your credit card were not charged by this
site, this site neither charges customers directly, nor
solicits emails of any kind.

07/20/06 Today I have received many complaint emails about
fradulent charges charged to
https://www.spysoftcentral.com, first off
https://www.spysoftcentral.com does not charge any money
directly to this site, all money goes through
companies like esellerate.net and
https://www.clickbank.com, the emails were sent by
someone claiming to be from this site, however the
charges are going else where. Please do not open
the attachments to these emails, many have told me
that they contain viruses. Please dispute this
charge, I am looking into this matter.

-Andrew

leesmithg

Email details etc.

X-Account-Key: account12
X-UIDL: 73CFCC27-7276-443C-B8C5-A3F67A4736A7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
X-Symantec-TimeoutProtection: 2
X-Symantec-TimeoutProtection: 3
X-Symantec-TimeoutProtection: 4
X-Symantec-TimeoutProtection: 5
X-Symantec-TimeoutProtection: 6
X-Symantec-TimeoutProtection: 7
X-Symantec-TimeoutProtection: 8
X-Symantec-TimeoutProtection: 9
X-WebMail: true
X-Folder: INBOX
X-Message-Status: n:0
X-SID-PRA: Spysoftcentral Team <sales@spysoftcentral.com>
X-SID-Result: TempError
X-Message-Info: LsUYwwHHNt31m/boOQ4yI896YVOVEo235tRKXUOf0q8=
Received: from cpe-69-202-103-179.twcny.res.rr.com ([69.202.103.179]) by bay0-pamc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 21 Jul 2006 00:16:54 -0700
Date: Fri, 21 Jul 2006 04:08:35 -0400
From: "Spysoftcentral Team" <sales@spysoftcentral.com>
X-Priority: 3 (Normal)
Message-Id: <18710359.09175471@trellis>
To: josephinp@hotmail.co.uk <--not my unique email address
Subject: Order Approval Notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="

---

39868035EA27A7"
Return-Path: gird@ffff.com
X-OriginalArrivalTime: 21 Jul 2006 07:16:54.0587 (UTC) FILETIME=[A50D88B0:01C6AC95]
X-NAS-BWL: No match found for 'sales@spysoftcentral.com' (1 addresses, 0 domains)
X-NAS-Language: English
X-NAS-Bayes: #0: 1.92798E-091; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 50
X-NAS-Validation: {DF499DA8-4CA5-42A4-9BCE-8CBBE84A512C}

---

39868035EA27A7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

****************************************************************************
SPY DOCTOR / Order : DD269901/
****************************************************************************
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the "From" field.
Please read the CUSTOMER SERVICE section for answers to your questions.
****************************************************************************

Dear Madame/Sir,

Thank you for your order. Spysoftcentral processes orders and collects payments
on behalf of PC Tools.

Your credit card (VISA) has been debited with GBP 79.39 and the level of credit
card authorization has been changed.
Please note that "WWW.SPYSOFTCENTRAL.COM" will appear on your credit card
statement, and not the name of the publisher (PC Tools).

You will receive detailed information on the shipment in a separate e-mail
that was sent at the same time as this e-mail.

*************************************************************************
SUBSCRIPTION
The following product involves a subscription:

Spyware Doctor - 3-months subscription
Duration of the subscription: Until cancelled
Payment interval: every 3 months
Order Date: 19 JUL 2006

The attachment to this e-mail includes an invoice for your order.

****************************************************************************
TECHNICAL SUPPORT

If you have any content-related or technical questions about the product,
please contact PC Tools directly.

Sincerely,
Your Spysoftcentral Team
_____________________________________________________________________

http://spysoftcentral.com
_____________________________________________________________________

---

39868035EA27A7
Content-Type: application/x-zip-compressed; name="DD269901.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="DD269901.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==

---

39868035EA27A7--


I don't have a credit card either. My bank details are not linked to this email address.

So people don't open it up.

Dead_Eye_Jones

erm, such mails have been sent out for the last zillion years, if this is your 1st then you are lucky lol. Press delete, move on.

Its not uncommon to see virus files appear to come from friends addresses too, i think these still catch people out, i know my m8s often pass round games and stuff and just load em up without thinking, one day it'll be a virus

leesmithg

Dead_Eye_Jones wrote:

erm, such mails have been sent out for the last zillion years, if this is your 1st then you are lucky lol. Press delete, move on.

Its not uncommon to see virus files appear to come from friends addresses too, i think these still catch people out, i know my m8s often pass round games and stuff and just load em up without thinking, one day it'll be a virus

You miss the point, it was posted so those less savvy would not get infected.

Last year I received 10,000+ of em.

Now do you understand the point?