Botnet Uses Phishing Tactic on Online Buyers of iPhone
A number of people are purchasing iPhones over the Internet that is a happening event for cyber criminals, as per PCworld.com publication on July 13, 2007.
A new network of bots or compromised computers that presents users with a fake website selling iPhones has emerged. Under the pretense of this sale, the website creators steal personal or financial information that the web page requires interested buyers to enter. The 'AiPhone.A bot Trojan' has infected around 7,500 PCs worldwide, according to the findings of PandaLabs security.
The 'AiPhone.A' Trojan has been exploiting the publicity and excitement that the iPhone has generated. The Trojan plants itself as a Browser Helper Object or BHO to pilfer users' banking information.
The bot misguides the users to a duplicate site as soon as they try to buy the iPhone online. The site then tricks him into surrendering his banking or credit details to cyber thieves. The bot creates more trouble by presenting ads and pop-ups on the users' browsers.
Botnet, or the 'zombie army', is a huge collection of hijacked PCs that send viruses or spam or overload a network with messages to launch a DoS (Denial of Service) attack. A Trojan compromises the computers through an IRC (Internet Relay Chat) channel that receives and obeys the commands of the hacker controlling the botnet. The botnet business is thriving through sale of lists of hijacked PCs to spammers and hackers.
According to Luis Corrons, technical director of PandaLabs, this kind of botnet attack is a highly sophisticated one that criminals have been targeting on user communities, in the present case, the iPhone users. The attack is extremely dangerous and complex that works by combining phishing tricks, malware and also adware consisting of pop-ups, modified search results etc. Financialmirror.com published Corrons' observation on July 12, 2007.
The danger lying in the attack that is now affecting users wanting to purchase an iPhone is it could well be modified and targeted on users desiring other products. There could be similar attacks on simultaneous 'groups' of interested users, increasing the success rates of cyber criminals.
Related article: Botnet Misuses Google Analytics
» SPAMfighter News - 26-07-2007