NEWS FROM THE LAB - Monday, October 3, 2011

Warning On E-mails About "iPhone 5GS"

Posted by Mikko @ 11:41 GMT

Apple is expected to announce their next smartphone tomorrow.

Scammers know this and they know people are excited about the upcoming announcement. So they are spamming out malicious e-mails with messages such as this:

[Image: Fake iPhone 5GS]

That's probably not what the next iPhone will look like. However, if you get curious and click on the links, you get redirected to download a Windows binary called iphone5.gif.exe, hosted on a hacked server, comiali.com.

This is what the downloaded file looks like:

[Image: Fake iPhone 5GS]

When executed, the malware shows this image on screen:

[Image: Fake iPhone 5GS]

Behind the scenes, it's a simple IRC bot based on mIRC. It connects to an IRC server at ircu.atw.hu.

Infected machines can be centrally controlled via this server and are exposed to things such as credit card theft. In fact, the malware contains this text inside it: "I wanna be a billionaire so frickin bad!"

F-Secure Anti-Virus detects this as IRC-Worm.Generic.2106. The MD5 hash is 2B60D3E71289D5F98C8E633A9D0C617D.
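As an added example (not F-Secure's code and not part of the original post), here is a Python triage check that a mail gateway or download filter could apply to the naming trick described above: it flags a name like iphone5.gif.exe and compares the file's leading bytes against the type its name claims. The extension lists, the finding labels and the sample inputs are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Harmless-looking extensions a lure tends to imitate (assumed list).
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}
# Leading "magic" bytes for the decoy types this example can verify.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}

def triage(filename, head):
    """Return findings for a delivered file.

    filename: the name as delivered; head: the first bytes of its content.
    """
    findings = []
    name = filename.strip().lower()
    stem, last = os.path.splitext(name)   # "iphone5.gif", ".exe"
    inner = os.path.splitext(stem)[1]     # ".gif"
    is_pe = head[:2] == b"MZ"             # DOS/PE executable header

    # Executable whose name shows a document/image type before the real one.
    if last in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double-extension")
    # Executable content delivered under a non-executable name.
    if is_pe and last not in EXECUTABLE_EXTS:
        findings.append("pe-content-with-non-executable-name")
    # Claimed type has a known signature and the content does not carry it.
    if last in MAGIC and not head.startswith(MAGIC[last]):
        findings.append("content-does-not-match-extension")
    return findings

if __name__ == "__main__":
    # Constructed samples: (name, first bytes). Only the first name is from the post.
    samples = [
        ("iphone5.gif.exe", b"MZ\x90\x00"),
        ("holiday.gif", b"GIF89a\x01\x00"),
        ("holiday.gif", b"MZ\x90\x00"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(f"{name:18} {triage(name, head) or 'clean'}")
```

The check looks only at the name and the leading bytes, so it complements the antivirus detection and hash above and does not replace them.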