Fake iPhone 5 e-mail carries Windows malware

The threat of infection is small, but it is targeted at Windows users, not Macs

Hackers are again hoping iPhone 5 hysteria will benefit them. A fake e-mail that spoofs the "news@apple.com" address contains links to websites hosting a Windows virus. The subject line proclaims the iPhone SG 5 has been released and the e-mail shows an iPhone with a see-through screen. Ironically, this is a Windows-specific virus, which Sophos calls the Mal/Zapchas-A virus, and doesn't affect Macs.

It's an old virus, with anti-malware signatures available since at least 2008, according to the anti-malware vendor Sophos. (Other anti-malware vendors know it by different names, such as Backdoor.IRC.Zapchast.zwrc, Backdoor.Trojan, Backdoor.IRC.Flood, TR/Drop.Agent.CTJ and not-a-virus:Client-IRC.Win32.mIRC.603.) If the virus succeeds, it plants spyware.

So, this isn't a particularly dangerous threat, particularly for an enterprise using reasonably updated anti-malware products. None of the reporting agencies are alarmed by an uptick in this virus ... so I wonder how successful an attack this is. But, it must be reaping some rewards ... in June a similar e-mail attack was noted ... also spoofing an apple.com address and claiming to have news on the iPhone 5. This e-mail led to sites that would install the Troj/Zapchast-B Trojan horse on a Windows machine (another virus that doesn't affect Macs).

Abram Wagenaar, a journalist from the Personal Computing Magazine, alerted Sophos to the malware by uploading a photo of it to Twitter.

iPhone 5 malware e-mail

What I find entertaining about this low-level threat is how graphically beautiful the perpetrators made the fake iPhone look, with the clear screen and the Apple-esque-looking fonts. I also find it somewhat funny that the level of iPhone rumor has grown so loud that people would believe in an "invisible" iPhone, as if it's possible to build a phone in which all of the components are see-through. In all honesty, I think that if I were sent that e-mail, and my malware filter somehow let it get through to my inbox (I wasn't/it didn't ... I looked), I would be one of those folks who clicked on the links before it occurred to me that I was being had. That's how many crazy things have been said about the iPhone 5 lately.

Tomorrow we should know the truth about the iPhone 5 but I wouldn't expect this type of e-mail threat to go away. It would be a simple task to swap out that crazy-but-cool fake photo of the clear iPhone with a photo of the real one. This e-mail would then look more authentic than ever.

Copyright © 2011 IDG Communications, Inc.