Malware Web Site Capitalizing On iPhone Frenzy
Secure Computing Corp., an enterprise gateway security company, recently warned that e-mail spam, indicating that the recipient has won a new iPhone, is directing users to a malware hosting Web site.
Secure Computing has discovered a Web site that is attempting to exploit more than 10 Active X vulnerabilities in its efforts to install a malicious payload including the MSODataSourceControl vulnerability that Secure Computing warned users about only 2 weeks ago. The Web site is tracking visitors on the site and then redirecting repeat visitors to a different, clean webpage in efforts to thwart security researchers as well as using XOR encryption to obfuscate the attack.
"This yet again confirms the expanding trend in web-borne malware," said Paul Henry, vice president of technology evangelism for Secure Computing. "This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker's chances of gaining the necessary access to install the rootkit/spam bot malware. While most organizations fully inspect the traffic directed to their Internet facing Web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet Web sites."
The initial activity of the rootkit/spam bot malware is to incorporate the compromised PC into a spam sending botnet. Because the malware is rootkit-based, it would be a simple matter for the malicious hacker to at any time update the malware to include other nefarious tasks, such as key logging on the compromised PC to capture the user's financial credentials for use in ID theft.
Viruses, worms, Trojans and other malware have traditionally been distributed over e-mail with further propagation through each compromised users' e-mail address books and made to look like messages coming from them.
"With this threat, we again see the addition of a web attack component to traditional email-based malware," Henry said. "Secure Computing has recently seen other evidence of Web-borne malware propagating through the use of fake video-hosting sites and fake greeting card messages. Because of the popularity of the iPhone brand this is the first in what's bound to be a series of scams involving the iPhone.”