Hackers are again hoping iPhone 5 hysteria will benefit them. A fake e-mail that spoofs the "news@apple.com" address contains links to websites hosting a Windows virus. The subject line proclaims the iPhone SG 5 has been released and the e-mail shows an iPhone with a see-through screen. Ironically, this is a Windows-specific virus, which Sophos calls the Mal/Zapchas-A virus, and doesn't affect Macs.
It's an old virus, with anti-malware signatures available since at least 2008, according to the anti-malware vendor Sophos. (Other anti-malware vendors know it by different names, such as Backdoor.IRC.Zapchast.zwrc, Backdoor.Trojan, Backdoor.IRC.Flood, TR/Drop.Agent.CTJ and not-a-virus:Client-IRC.Win32.mIRC.603.) If the virus succeeds, it plants spyware.
So, this isn't a particularly dangerous threat, particularly for an enterprise using reasonably updated anti-malware products. None of the reporting agencies are alarmed by an uptick in this virus ... so I wonder how successful an attack this is. But, it must be reaping some rewards ... in June a similar e-mail attack was noted ... also spoofing an apple.com address and claiming to have news on the iPhone 5. This e-mail led to sites that would install the Troj/Zapchast-B Trojan horse on a Windows machine (another virus that doesn't affect Macs).
A journalist from the Personal Computing Magazine, Abram Wagenaar, alerted Sophos to the malware by uploading a photo of it to Twitter.

What I find entertaining about this low-level threat is how graphically beautiful the perpetrators made the fake iPhone look, with the clear screen and the Apple-esque-looking fonts. I also find it somewhat funny that the level of iPhone rumor has grown so loud that people would believe in an "invisible" iPhone, as if it's possible to build a phone in which all of the components are see-through. In all honesty, I think that if I were sent that e-mail, and my malware filter somehow let it get through to my inbox (I wasn't/it didn't ... I looked), I would be one of those folks who clicked on the links before it occurred to me that I was being had. That's how many crazy things have been said about the iPhone 5 lately.
Tomorrow we should know the truth about the iPhone 5 but I wouldn't expect this type of e-mail threat to go away. It would be a simple task to swap out that crazy-but-cool fake photo of the clear iPhone with a photo of the real one. This e-mail would then look more authentic than ever.
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.