
Monthly Archives: November 2009

Not long ago, it was discovered that “jailbroken” iPhones are vulnerable to attack. Jailbreaking removes Apple's restrictions so that software from outside the App Store can be installed; it is often confused with carrier unlocking, which lets the phone use networks other than AT&T. The problem is that many jailbreak setups leave a remote login service running, and the root (administrator) account keeps its factory-default password, which is publicly known. Anyone who can reach the phone over the network can log in with full control.

Even more recently, it was discovered that malware is circulating that takes over these iPhones remotely. Researchers believe the purpose is to steal bank account information: when the user goes to a banking site, the phone is redirected to a fake site that looks like the real one. The fake site is controlled by the attackers.

Jailbreaking or unlocking your iPhone is not advisable. A jailbroken phone generally cannot take Apple's updates without losing the jailbreak, so it tends to stay on an old, vulnerable version. A stock phone is also limited to the applications that can be installed on it, and for a reason: they are tested and reviewed for quality control before they are offered. If you have already jailbroken a phone and installed a remote login service, at a minimum change the root password from the default and turn the service off when you are not using it.

An increasing number of these emails have been appearing at various locations. They target a specific domain by claiming to come from ALERT@your_domain_name.com, so that the message looks like a system notice you need to act on. The ones that were seen were addressed to several email addresses in the same message.

Format of the message (the misspellings are the sender's own):

From: alert@your_domain.com [mailto:alert@your_domain.com]
Sent: Saturday, November 21, 2009 3:39 PM
To: (A USER NAME OTHER THAN YOURS)
Subject: for your_domain.com email service user
Importance: Low

Dear owner of the SOMEUSERNAME@your_domain.com mailbox,

You have to change the security mode of your account, from standart to secure. Please change the security mode by using the link below:

http://accounts.your_domain.com.dirddrf.be/webmail/settings/noflash.php?mode=standart&id=(some-long-alpha-numeric-sting-goes-here)&email=SOMEUSERNAME@your_domain.com

Substitute your own domain name (AOL.com for AOL users, google.com for Gmail users, Comcast.net for Comcast users) and this becomes quite convincing. Imagine getting an email from alert@comcast.net. Look closely at where the real domain sits, though: the hostname is accounts.your_domain.com.dirddrf.be, and the only part anyone had to register is the rightmost name, dirddrf.be. Everything to the left of it is just a subdomain the attacker created to look like your provider.

Of course, the link is bogus and leads to a web page designed to trick the user into downloading a file, in this case a fake Flash Player installer named flashinstaller.exe. It is a variant of the ZBot trojan. Note also that the link carries your address in its email= parameter, so merely clicking it confirms to the sender that the address is live and that someone reads it.
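The two tricks in this message, the lookalike hostname and the email address baked into the link, can both be checked mechanically before anyone clicks. The following is an added example written for this page, not code from the original post; the sample sender and link are constructed to match the message quoted above (the id value is a placeholder), and the registered-domain logic is a deliberate simplification that takes the last two labels of the hostname.

```python
"""Check whether a link in a mail claiming to come from your own domain
really points at that domain, and what the link leaks about the recipient.

Added example for this page; not part of the original post.
"""
from urllib.parse import urlparse, parse_qs

# Constructed sample, modelled on the phishing message quoted in the post.
# The id value is a placeholder, not a real token.
SAMPLE_SENDER = "alert@your_domain.com"
SAMPLE_LINK = (
    "http://accounts.your_domain.com.dirddrf.be/webmail/settings/noflash.php"
    "?mode=standart&id=EXAMPLEID&email=SOMEUSERNAME@your_domain.com"
)


def registered_domain(host: str) -> str:
    """Return the part of a hostname that someone actually had to register.

    Simplification (assumption): treat the last two labels as the registered
    domain. Production code should consult the Public Suffix List so that
    names like example.co.uk are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze_link(link: str, sender: str) -> dict:
    """Compare the link's real domain with the domain the sender claims."""
    sender_domain = sender.split("@", 1)[1].lower()
    parsed = urlparse(link)
    host = (parsed.hostname or "").lower()
    reg = registered_domain(host)
    # The trick in the quoted message: the claimed domain appears as a
    # prefix of the hostname, but DNS ownership belongs to whoever
    # registered the rightmost labels.
    lookalike = sender_domain in host and reg != sender_domain
    # Anything in the query string is sent to the attacker on click;
    # here the recipient's mailbox address is handed over as a live one.
    params = parse_qs(parsed.query)
    leaked = params.get("email", [None])[0]
    return {
        "host": host,
        "registered_domain": reg,
        "sender_domain": sender_domain,
        "lookalike": lookalike,
        "leaked_address": leaked,
    }


def verdict(link: str, sender: str) -> str:
    """One-line judgement a mail filter or help-desk script could log."""
    r = analyze_link(link, sender)
    if r["registered_domain"] == r["sender_domain"]:
        return "ok"
    if r["lookalike"]:
        return "phish: hostname borrows %s but is owned by %s" % (
            r["sender_domain"], r["registered_domain"])
    return "suspicious: link domain %s differs from sender domain %s" % (
        r["registered_domain"], r["sender_domain"])


if __name__ == "__main__":
    print(verdict(SAMPLE_LINK, SAMPLE_SENDER))
    print(analyze_link(SAMPLE_LINK, SAMPLE_SENDER))
```

The check deliberately ignores how the hostname "reads" and only trusts its rightmost registered part; a link to accounts.your_domain.com/webmail would pass, while the quoted one is flagged because dirddrf.be, not your_domain.com, owns it.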

Once run, the trojan makes the PC part of the Zeus botnet: it accepts remote commands and records keystrokes, including passwords, account IDs, credit card numbers and banking details.

For prevention: keep your anti-virus definitions up to date, never install software offered by a page you reached from an email link, and check the real domain of a link before clicking it. Your provider's account settings will never live on a domain that is not its own.