Trojan Horse Poses as Charity Solicitation

Playing on peoples sympathies for the victims of the recent terrorist attacks, a new Trojan horse program is attempting to steal credit card data.

Masquerading as a donation form for the American Red Crosss disaster relief efforts, the program, known as Septer.troj, arrives via e-mail. Once users enter their information into the form, the Trojan creates a file called cctaker.ini, encrypts the data and then sends it to the authors website, where the credit-card data is collected.

Although it is an e-mail-based program, the Trojan is not a virus. It cannot replicate or propagate itself, meaning that users must forward it in order for it to spread.

The malicious program first appeared in Asia late last week and is spreading fairly slowly in the United States, antivirus vendors say.

In addition to credit card numbers, the form also requests the users name, address, phone number, e-mail address and company name, according to an alert published by Trend Micro Inc.

The Trojan is considered a low-level threat, mainly because user action is required for it to spread.

“Its very low risk. The only samples we saw were taken off two Web sites,” said Vincent Weafer, Symantec senior director at Symantec Security response team.

The perpetrator would more likely harvest credit cards numbers rather than try to collect on a donation.

“If they tried to collect the money, it would lead a direct trail right back to them,” Weafer said.

Law enforcement authorities are investigating, he added. However, there are no reports of anyone being duped by the offending e-mail.

John Dodge of Ziff Davis News Service contributed to this article.