iPhone email spam
ConvergenceAsia staff
03/07/2007

Secure Computing, the enterprise gateway security company, has warned that email spam, indicating that the recipient has won a new iPhone, is directing users to a malware hosting website.

Secure Computing has discovered a web site that is attempting to exploit over 10 Active X vulnerabilities in its efforts to install a malicious payload including the MSODataSourceControl vulnerability. The web site is tracking visitors on the site and then redirecting repeat visitors to a different, clean web page in efforts to thwart security researchers as well as using XOR encryption to obfuscate the attack.

Said Benjamin Low, Managing Director for Southeast Asia and India, Secure Computing, "This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker's chances of gaining the necessary access to install the rootkit/spam bot malware. While most organisations fully inspect the traffic directed to their Internet facing web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet web sites."

The initial activity of the rootkit/spam bot malware is to incorporate the compromised PC into a spam sending botnet. Because the malware is rootkit-based, it would be a simple matter for the malicious hacker to at any time update the malware to include other nefarious tasks, such as key logging on the compromised PC to capture the user's financial credentials for use in ID theft.

"With this threat, we again see the addition of a web attack component to traditional email-based malware," said Low. "Secure Computing has recently seen other evidence of web-borne malware propagating through the use of fake video-hosting sites and fake greeting card messages."

"Because of the popularity of the iPhone brand this is the first in what's bound to be a series of scams involving the iPhone," added Low.

advertisement