“iPhone trojan” targets would-be iPhone buyers
Posted by james on September 24th, 2008 at 10:39pm
It’s nothing new that online criminals target people who are interested in the iPhone, so once again iPhone World is asking its readers to be vigilant as a new piece of malware is spreading online.
Antivirus vendor Panda Security has announced that it has found a new trojan, called Banker.LKCTrojan, that pretends to be a video of the iPhone and targets internet users with pharming attacks. Pharming is a sophisticated version of phishing, and this is the first time it has been targeted at iPhone fans. It involves manipulating the DNS (Domain Name Server) through the configuration of the TCP/IP protocol or the hosts file.
The aim of these pharming attacks is to steal confidential user information. The malicious payload of the Trojan can result in users being redirected to fraudulent web pages when they try to access their online bank. Victims of this attack could find that their bank details end up in the hands of cyber-crooks.

Usually, DNS servers store the numeric address or IP address (e.g. 72.1.62.137) associated with each domain name or URL (e.g. www.iphoneworld.ca). The result of the cyber-criminals’ interference is that when a user enters the name of a Web page, the server redirects him or her to another IP address hosting a fraudulent Web page designed to look like the original page.
In this case, the Banker.LKCTrojan is responsible for the manipulation of the DNS. This malicious code reaches systems under the name “VideoPhone[1]_exe”. Once it is run, and in order to trick the users, it opens a browser window displaying a website selling the iPhone.
While users are viewing this page, the Trojan modifies the hosts file, redirecting the URLs of popular banks and other financial institutions to a false web page. This way, users trying to access these banks by typing in the address or by following an Internet search result will be redirected to the spoof page. There they will be asked for confidential details (account number, transaction password, etc.), which will fall straight into the hands of cyber-crooks.
The manipulation of the hosts file does not cause any other suspicious effect on the computer. In fact, the entire fraud is carried out without arousing the suspicion of users, as all they need to do to become a victim is enter the address of the bank. This makes the attack even more dangerous.
How to protect yourself against pharming:
- When you connect to a page on which confidential details are requested, make sure that the URL is the same as the one you typed and that there are no additional letters, numbers, etc.
- Check the security certificate of the sites you visit. Any reliable e-commerce business will have security certification for its servers issued by a recognized security authority.
- Make sure you have effective, up-to-date antivirus protection, because, as is the case here, the DNS modification is often carried out with malicious code.























