The Inquirer-Home

Iphone 5 spam wave leads to malware

Fake release announcements contain malicious links
Tue Oct 04 2011, 15:20

MALWARE EXPERTS are warning of a wave of spam emails that pose as Iphone 5GS release announcements and lead recipients to an IRC worm.

The spam campaign clearly tries to capitalise on people's interest in the Apple Iphone the company is expected to release later today.

The rogue emails bear a subject of "iPhone 5G S has been released" and have forged headers to appear as originating from the "news@apple.com" address. The body contains an image showing a transparent Iphone and a listing of the new device's alleged features.

"That's probably not what the next iPhone will look alike. However, if you get curious and click on the links, you get redirected to download a Windows binary called iphone5.gif.exe hosted under a hacked server comiali.com," warned F-Secure's chief research officer Mikko Hypponen.

The use of a double extension is an attempt to trick users on systems like Windows 7, which hides known extensions by default, into believing that the file is actually an image. In fact, running it does open a JPEG showing a device resembling an overly-stretched Ipad.

However, in the background it installs a hidden IRC bot based on the legitimate mIRC client. The piece of malware connects to a server in Hungary and can steal credit card details and other sensitive information from infected computers.

Security researchers point out that this is not the first, nor will it be the last time that Apple rumours get exploited by spammers. "Apple product announcements are always big news. And I think we have to accept that it's likely that whenever Apple is scheduled to reveal new technology that cybercriminals will try to exploit the interest," said Graham Cluley, a security expert at Sophos. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?