Description: Malicious program that downloads and installs other software onto the infected machine.

Infection: The Trojan in introduced as a result of a spam email which attempts to trick the recipient into browsing to a web site which contains W32/Downloader.SEL@dl.

An example of the spam email:

Subject: Your payment done.

From: Amazon.co.uk <payments-support@amazon.co.uk>

Dear customer!

We're writing to let you know that we've initiated a transfer from your bank account (Last 4-digits: 0402) for the following amount:

GBP 313.14  (ORDER #0220873 , DATE #20.03.2006)

Funds should leave account in approximately three to five working days.

See your statement details in attachment.

To review your account at any time, please access your Account Summary:

https://payments.amazon.co.uk/exec/login?

If you have any questions or concerns regarding this settlement, please contact us at

payments-support@amazon.co.uk

Amazon.co.uk  Marketplace -- Amazon Services Europe S.a.r.l.

Sell Your Stuff

http://www.amazon.co.uk

Once infected, W32/Downloader.SEL@dl will attempt to download and install another program to the infected machine. Additional programs downloaded may vary but can include software designed to steal financial information from online banking activity.

Detection: Command Antivirus version 4.92.3 or higher with definition files dated March 20, 2006 or later will detect this Trojan.

Removal (Manual Method):

Once executed, W32/Downloader.SEL@dl deletes itself. Therefore removal depends on any programs downloaded and can vary.