TECH.BLORGE.com
VISTA.BLORGE.com
MAC.BLORGE.com
GAMER.BLORGE.com

July 2, 2007 |

iPhone fans lured to malware site with free iPhone

By John Pospisil





iPhone fans lured to malware site with free iPhoneThe lure of a free iPhone is tricking gullible computer users into visiting a web site that will infect their computer with malware.

According to Secure Computing, an spam email telling recipients that they’ve won an iPhone is doing the rounds. The email directs victims to a website that is attempting to exploit over 10 Active X vulnerabilities in its efforts to install a malicious payload, including the MSODataSourceControl vulnerability.

The website is tracking visitors on the site and then redirecting repeat visitors to a different, clean webpage in efforts to thwart security researchers as well as using XOR encryption to obfuscate the attack

The infected computer is incorporated into a” botnet”. Botnets are networks made up of computers — the zombies – that are infected with bots. Bots often reach computers in emails that use social engineering or exploit system vulnerabilities. The aim is for them to be installed silently and to operate for long periods of time without users or security companies realizing.

The botnets are used to facilitate crimes such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam, adware and spyware.

“This [attack] yet again confirms the expanding trend in web-borne malware,” said Paul Henry, vice president of technology evangelism for Secure Computing.

“This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker’s chances of gaining the necessary access to install the rootkit /spam bot malware. While most organizations fully inspect the traffic directed to their Internet facing web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet web sites.”

Spammers often take advantage of current affairs to trick people into visiting web sites. For example after the recent Virginia Tech tragedy, spammers flooded email inboxes with spam messages offering camera phone footage of the Virginia Tech shootings.

Related:

  • Dangerous Botnet threatens online iPhone buyers
  • New site pulls publicity stunt to showcase iPhone unlock software
  • iPhone Dev Team strikes back at Apple’s threats
  • AT&T makes another empty promise of free WiFi for the iPhone
  • Free downloadable iPhone unlock in the wild now




    • Sign up for the BLORGE daily email newsletter

    Entry was posted on Monday, July 2nd, 2007 at 12:43 pm under Security, Spam.

    Read more entries by John Pospisil.
    StumbleUpon Toolbar Stumble It!

    Leave a Reply:

    Copyright © 2008 Engaging and compelling blogs that entertain and inform