IPhone scams ramp up, target overeager buyers
One 'Apple iPhone' site wants payment by Western Union or MoneyGram
Computerworld - Hackers are playing off the buzz about Apple Inc.'s iPhone to craft malware targeting people who plan to buy the device or believe they've won one in a contest.
Over the weekend, Sunbelt Software Distribution Inc. spotted a custom-built Trojan horse that redirects unwitting iPhone shoppers to a bogus Web site when they surf to iphone.com, a legitimate address that normally takes users to Apple's own iPhone site.
The Trojan horse, which has not yet been named by antivirus vendors, produces a pop-up when users on infected Windows PCs head to either Yahoo.com or Google.com. The pop-ups tout iPhone.com as "the only place to buy iPhone," and use the Apple logo and the actual price ($499) of the 4GB model to add weight to the offer.
The Trojan horse pulls content from the infected machine and injects code into Microsoft Corp.'s Internet Explorer browser to build what looks like an Apple-owned site. As the duped buyer makes his way through the purchase screens, he selects the iPhone model, its color -- a dead giveaway, since the iPhone comes in only one design -- and then is told to send the money via Western Union or MoneyGram. According to Eckelberry, the recipient is in Latvia, a hacker hotbed like its Baltic neighbors and former occupier, Russia.
Other iPhone-associated scams are on the prowl, added Secure Computing Corp., another security software maker. For example, Secure Computing has detected a rogue Web site that hosts a multi-exploit strike package, and it found spams that dangle free iPhones in front of users to get them to click through a link to the attack URL.
The malicious site, said Secure, packs more than 10 exploits against both patched and unpatched ActiveX vulnerabilities in Windows and/or Internet Explorer. If any one of the exploits is successful, the PC is hijacked and turned into a spam-spewing bot. Rootkit components in the malware try to cloak it from antivirus scanners.
"This threat is particularly insidious in that scripts contain exploit code for multiple vulnerabilities to improve the hacker's chances of gaining the necessary access to install the rootkit/spambot malware," said Paul Henry, vice president of technology evangelism at Secure.
ScamBusters.org, a site that has been tracking Internet scams and hoaxes since 1994, posted a list of iPhone scam predictions last week. ScamBusters.com has already seen several prove out, including its No. 6, "Fake iPhone Web sites and phishing scams" and No. 7, "iPhone viruses, Trojans and spyware."
Read more about Macintosh in Computerworld's Macintosh Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- 10GbE in the Data Center Improvements in 10GbE technology, lower pricing, and improved performance make 10GbE for the mid-market a viable and cost-effective strategy. This white paper discusses...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Macintosh White Papers | Webcasts