No sooner than the iPhone has launched, Spam has followed it. Secure Computing Corporation has warned that email spam, indicating that the recipient has won a new iPhone, is directing users to a malware hosting website.
Secure Computing has discovered a website that is attempting to exploit over 10 Active X vulnerabilities in its efforts to install a malicious payload including the MSODataSourceControl vulnerability that Secure Computing warned users about only 2 weeks ago. The website is tracking visitors on the site and then redirecting repeat visitors to a different, clean webpage in efforts to thwart security researchers as well as using XOR encryption to obfuscate the attack.
“This yet again confirms the expanding trend in web-borne malware,” said Paul Henry, vice president of technology evangelism for Secure Computing. “This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker’s chances of gaining the necessary access to install the rootkit /spam bot malware. While most organizations fully inspect the traffic directed to their Internet facing web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet web sites.”
The initial activity of the rootkit/spam bot malware is to incorporate the compromised PC into a spam sending botnet. Because the malware is rootkit- based, it would be a simple matter for the malicious hacker to at any time update the malware to include other nefarious tasks, such as key logging on the compromised PC to capture the user’s financial credentials for use in ID theft.
Viruses, worms, Trojans and other malware have traditionally been distributed over email with further propagation through each compromised users’ email address books and made to look like messages coming from them. “With this threat, we again see the addition of a web attack component to traditional email-based malware,” said Henry. “Secure Computing has recently seen other evidence of web-borne malware propagating through the use of fake video-hosting sites and fake greeting card messages.”
“Because of the popularity of the iPhone brand this is the first in what’s bound to be a series of scams involving the iPhone,” added Henry. Customers using Secure Computing’s Webwasher(R), the industry’s first and only reputation-based Web gateway security solution, are protected against this. Webwasher protects enterprises from spyware, phishing, malware, data leakage, and Internet misuse, while ensuring policy enforcement, regulatory compliance, and a productive application environment. It incorporates global intelligence from the company’s industry-leading reputation system, TrustedSource(TM), which provides source-based reputation scores for web page content, messages, attachments and images. Webwasher employs the most sophisticated behavioral and signature-based techniques for stopping malware, as well as patented content analysis software for stopping data leakage.
Tags: Apple, iPhone, Spam, iPhone spam
Popularity: 29% [?]