We are currently receiving samples for a PayPal scam. According to the email, the user is told that their account has been limited because of a report of a credit card use and for the user’s own protection they have limited the access to the account. The transaction details are suppose to be in the attachment. But I guess no transaction details are really included because the attachment is a windows executable file, the filename of this attachment is TT-022-421-683.ZIP. which after extraction will create a .EXE file with the same filename. Please beware of this scam. Below is a sample email of the said scam.

Update (Jasper, Fri, 25 Aug 2006 05:03:04 PM)

This threat is now detected as TROJ_CLAGGE.A.

Update (Jasper, Mon, 28 Aug 2006 09:02:44 AM)

TROJ_CLAGGE.A has been renamed to TROJ_CLAGGER.E. It is detected with CPR 3.684.01.