
APPLE iPhone Worm Uncovered

HellasVagabond

APPLE Worm Uncovered

The launch of iPhone is being exploited by cyber-crooks for financial gain. PandaLabs has uncovered a tool that controls a botnet made up of over 7,500 zombie computers infected by the Aifone.A bot Trojan. If the user of an infected PC tries to buy an iPhone online, their confidential data might end up in the hands of cyber-criminals.


The tool uncovered by PandaLabs has a series of features that allow cyber-crooks to take users of infected computers to a false page that appears to be the iPhone official page. As a result, if the user tries to buy the phone from the spoof page, they will actually be giving their bank details to cyber-criminals.

One of the tabs in the tool, called "REDIRECTS ADMIN", allows criminals to specify the web pages that the bot must redirect and where they must be redirected to. In this case, the tool sends users that want to visit the iPhone official pages to a false web page.

Another tab, "SEARCH REDIR", is used to specify the results that the Trojan must display when the infected user performs an Internet search and where they should be redirected to when they click any of the links. Obviously, this will be the false page.

In the "INJECTS ADMIN" section, it is possible to indicate the links that the Aifone.A Trojan must modify. As a consequence, if the user visits a web page that contains a link to a page dealing with iPhone, they will also be redirected to the false page.

Other tabs, "POPUPS ADMIN" and "BANNERS ADMIN", allow cyber-crooks to display pop-ups and banners with advertising about iPhone on the infected computer. This aims at enticing users to visit the spoofed web page and buy the phone from it.

"This is one of the most sophisticated attacks we have seen targeting a user community, in this case iPhone users. It is a really complex, dangerous attack that combines elements of malware (the Trojan), phishing (the spoofed web page) and even adware (pop-ups, modification of search results, etc.)", explains Luis Corrons, Technical Director of PandaLabs.

The real danger behind this attack is the fact that, in the same way that it is now being used to affect users that want to buy an iPhone, it could be slightly modified and used to affect users interested in any other product, or even several groups of users simultaneously, which would increase the cyber-criminals' chances of success.

Wait.... what?

The only thing this has to do with an iPhone is..... when someone is trying to buy it online.. That title is clearly misleading. It's not an "iPhone" worm, it's a "Windows worm" that parses iPhone-related searches...

They don't mention anything about redirecting iTunes activation pages (which are key to iPhone activation) so apparently this is just redirecting a user to webpages to buy a phone online...

Move along, nothing special but the average Windows trojans...
 

HellasVagabond

My bad...Happens when you read fast :p
 

WarEagleAU

I was gonna say, wow, I didn't think Apple could get worms or viruses. The way a few folks on here make Apple sound, it's invincible.
 
I was gonna say, wow, I didn't think Apple could get worms or viruses. The way a few folks on here make Apple sound, it's invincible.

Hey, I enjoy my (current) God mode for the internet.

Don't be jealous. :cool:

Everything's susceptible to a virus or worm should one be 1.) Made and 2.) an exploit remain vulnerable for that virus or worm to take advantage of said exploit.


This worm sounds a lot like the old sub-22 or something from a long time ago... a trojan that gave a remote user all kinds of fun controls.
 

FatForester

-Reads thread... then yawns-

I will laugh the day Macs become popular enough that people will actually BOTHER writing viruses for them.
 
-Reads thread... then yawns-

I will laugh the day Macs become popular enough that people will actually BOTHER writing viruses for them.

Until then, it doesn't matter :pimp:
 