Online banking passwords at risk from latest iPhone worm
Tuesday, November 24, 2009
Users of "jailbroken"- or user-modified - iPhones could be vulnerable to a malicious worm that attempts to steal bank account information from the device's browser session.
Using tactics not dissimilar to those of the Zeus or Clampi Trojans found on full-sized PCs, iBotnet.A immediately changes an infected device's root password to "ohs**t" and contacts what Ars Technica describes as a "command and control" server located in Lithuania to download additional malicious software and make the infected device into part of a botnet.
Additionally, the worm spoofs any attempt to connect to ING Direct, substituting an identical-looking login page from which the cyber criminals can harvest the victims' online banking information and use it to steal any money in their accounts. The funds can then be withdrawn using a system of mules at various, widely-dispersed ATMs.
Analysts note that while numerous exploits have targeted jailbroken iPhones, no known malware affects the unaltered version of the device. Computer World reports that another worm known as "Duh" has affected jailbroken iPhones, attempting to steal SMS-based bank authentication codes.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
