MacNewsWorld.com

Spammers Bait Hooks With Fake iPhone Game


What your parents told you about taking candy from strangers applies to iPhone games as well. iPhone owners should be wary of e-mails purporting to feature a free game for the mobile device. What's attached to that e-mail isn't a game -- it's a Trojan. However, it won't infect your iPhone, or even your Mac. The Trojan targets Windows PCs. It does nothing to the iPhone; it only uses the device's popularity as bait.



Security firm Sophos issued a warning Thursday about e-mails purportedly offering free iPhone games. The missives profess to feature a free game for the smartphone, but the only thing those who download the attachment receive is malware designed to infect PCs running Windows.

The scam e-mails purport to include a file dubbed "Penguin.Panic.zip," a supposed version of the popular "Penguin Panic" motion-based iPhone app game, in which a cuddly penguin jumps from one iceberg to another while avoiding falling icicles.

In the subject line, the hackers tout the file as "Virtual iPhone games!", "Apple: The most popular game!" or "Virtual iPhone toys!" and appeal to users to "Take a break!" or to "Beet (sic) my score! (7000 points)." However, the attached file, Troj/Agent-HNY, is a Trojan.

"It's a regular Trojan horse, spammed out via e-mail Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse attachments. If you run it on your Windows PC it installs itself and tries to download further malware from the Net. Unlike some other Trojans it doesn't waste time with a celebrity theme or pretending to be a breaking news story -- instead it pretends to be a hot game for the Apple (Nasdaq: AAPL) iPhone," Graham Cluley, senior technology consultant at Sophos, told MacNewsWorld.

Infection Via iPhone

It's important to note that the malware does not infect the iPhone itself. Rather, it infects Windows PCs when the user downloads the attachment while checking e-mail on a computer, presumably expecting to load the game onto an iPhone after connecting the handheld to the PC. Sophos is not aware of any versions that will run on the Mac OS X operating system, the iPhone or other mobile devices.

"Why not Mac? Probably because the hackers believe they can be successful just infecting Windows -- which is, after all, what most malware authors concentrate on. There's no technical reason why they couldn't write a Mac version too -- but they clearly don't think it's worth the effort," said Cluley.

"The hackers are using an iPhone-related disguise in the hope that people will be tempted into running the program," he explained.

Perils of the Web

Although this latest Trojan does not execute on iPhones themselves, it uses the broad familiarity of the iPhone as bait, again underscoring hackers' proclivity to lure in victims using whatever will attract popular recognition, be it a hot phone or a scandalous fake video of a political candidate.

Popularity also rules when hackers target platforms to infect -- they regularly set their sights on market-dominant Windows PCs. However, as smartphones become more popular, more sophisticated and more able to surf the "real" Web, the danger of cybercriminals manufacturing malware for them increases.

"The biggest weakness of the cell phone has been the inability to access the 'real Web,' cloistered instead in the mobile Web, having little functionality. The second problem has been the fragmentation of the technology, with hundreds of real-time operating systems. Those weaknesses, however, were the very things that made cell phones so unattractive to hackers," David Chamberlain, an In-Stat analyst told MacNewsWorld.

"There will definitely be more interest by the bad guys, though, as more people use cell phones to access the real Web, and more smartphones -- with their common operating systems -- will be in use. That weakness, however, has prevented the bad guys from showing much interest in cell phones," he continued.

In-Stat expects the number of smartphones in use to increase more than 50 percent over the next five years. The research firm calculates that more than 200 million smartphones will be sold in 2012 alone, an increase of over 40 percent from 2008. That will make the devices an appealing target for hackers.

"Viral attacks on operating systems is nothing new. We've seen it on other operating systems, whether it be Symbian, Windows Mobile -- which gets it all the time -- and Blackberry, so this is not new. We are not facing a brand-new threat," Ramon Llamas, an IDC analyst, told MacNewsWorld.

In some ways, the standardization of phone operating systems is a hacker's dream, explained Chamberlain.

"Think about it: For years, we've been hearing, 'There are no Apple viruses because there aren't enough Apple computers to make it worthwhile for the hackers.' Cell phones have been incredibly fragmented with hundreds of different proprietary real-time operating systems. Somebody would have to write 100 or more variants to infect all of them. You get a big population of a single operating system, and you've got a target," he added.

What's In It for the Criminal

One possible reward for cybercriminals able to distribute such malware: The e-mail addresses stored on the handsets, according to Chamberlain.

"This malware is largely a way to steal live e-mail addresses and turn the computer into an outlet for spam messages. In that regard, perhaps they're looking for access to other phone numbers and e-mail addresses to use for spam. The other things might be for personal information such as bank accounts and passwords and other financial rip-offs," he pointed out.

However, smartphone-targeting criminals may also go after something other than lucre: good, old-fashioned bragging rights. If a hacker developed a viable bit of malware for the iPhone and released it into the wild where it was able to infect many of the devices, that person would also have substantial street cred within the hacker community, according to Llamas.

"A lot of it is the thrill of being able to say 'I took down or crippled or put a virus out there and it caused mayhem and destruction.' There really is no financial or monetary gain. There is notoriety, but that doesn't translate into the dollars. It is the thrill of causing problems for someone else," he posited.

Beyond that, putting out this sort of malicious software could be an effort to test the support system surrounding a device, Chamberlain noted.

"Perhaps [the] infection is only the opening volley. You make an inconsequential attack and wait to see what the response is. If the good guys spot it and react, you know you need to find another way in. This almost makes you wonder what else might be on your iPhone that hasn't been detected," he theorized.


By Walaika Haskins


