News

iPhone Lure Used in Hacker Exploit

The iPhone hype makes it a natural target -- by scammers looking to sell Apple's first cell phone for a huge markup, and also by hackers looking to add to their bot networks.

Within hours of the iPhone's release, a social engineering e-mail went out with the subject line "Congratulations, you have won a new iPhone from our store!" Following the link in the e-mail takes an unsuspecting user to a Web site that attempts to load a rootkit on the user's computer.

The attack is one, according to security vendor Secure Computing Corp., that was used in a widespread attack on about 10,000 Italian Web sites about two weeks ago.

The attack "is a two-phase download," according to Paul Henry, vice president of technology evangelism for Secure Computing. A user "gets the e-mail, and clicks on the link to get the iPhone. That takes them to a Web site in Malaysia." The Malaysian Web site looks for Active X exploits, and if it finds a hole, the browser is directed to a second Web site, this one in New Jersey, that loads the rootkit on the computer.

Once the rootkit is installed, it's virtually impossible for the average user to find. Henry said that further analysis this morning resulted in Secure Computing identifying the toolkit. It's the "mpack" toolkit, version 0.93 or higher.

Henry emphasized that it's not an iPhone vulnerability. "This exploit is not for the iPhone. This is a browser exploit," he said in an interview.

A potentially serious exploit. Henry said, "Any Windows PC user that clicks [the e-mail] can immediately be comprised. The PC will be turned into a spambot," part of an army of computers networked together to blast spam to the world. And since it's a rootkit, it would be easy for a hacker to update the malware to add things such as a keylogger, which could steal a user's passwords and other sensitive material.

The best advice, as always, is to remind users on a network to never click a link that they're sure is safe. Other actions to take as a safeguard include using an anti-malware scanning product which scans HTML code, and URL filtering products.

As of Monday afternoon, Henry said, the exploit hasn't spread like wildfire, but that shouldn't make users feel safe. In fact, both malicious sites in Malaysia and New Jersey were still up and running when he last checked. "It's a relatively small distribution [so far], but we expect that to continue to grow," he predicted.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

Featured

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.