Botnet Targeting Consumers Interested In iPhone

Ars Technica is reporting that there is a 7,500-computer (and growing) botnet infected by a Trojan called Aifone.A.

If your computer is infected with this Trojan, when you attempt to access Apple’s website you will be redirected to an identical-looking site created by the Trojan. If you do ultimately choose to order the iPhone through this site, you’ll have turned your credit card information over to the scammers. From Ars Technica:

“This is one of the most sophisticated attacks we have seen targeting a user community, in this case iPhone users,” said PandaLabs technical director Luis Corrons in a statement. “It is a really complex, dangerous attack that combines elements of malware (the Trojan), phishing (the spoofed web page) and even adware (pop-ups, modification of search results, etc.)”

The company emphasizes that while the Trojan might be targeting wannabe iPhone users right now, the tools behind Aifone.A make it easy to modify the targeted URLs so that nearly anything can be targeted. So if a massively-popular Zune 2.0 gets released, for example, Airfone.A could be tweaked from afar to redirect all Zune requests to a phishing site as well.

The Trojan affects Windows 2003/XP/2000/NT/ME/98/95 but not Vista, and is triggered by downloading an email attachment or opening an infected file.

Botnet targets wannabe iPhone owners [Ars Technica]



  1. Moosehawk says:

    Why the iPhone? If it easily duplicates websites, couldn’t it duplicate a replica of Paypal just as easy?

  2. Trae says:

    So… a Trojan targeting iPhone buyers doesn’t actually attack Apple users?

    That’s hilarious.

    (And there are still people out there who open unknown attachments?)

  3. littletree says:

    Moosehawk, my guess is iPhone buyers are being targeted because they’re well off. I mean, anyone who can afford a $600 phone probably has a good amount of dispensable income and high credit limit.

  4. Landru says:

    Funny specialized it is. Bored teenagers, I guess.

    BTW, Aifone.A or Airfone.A? Watch your typos. This one is kind of crucial.

  5. magic8ball says:

    Awww, poor Microsoft. Even the botnets don’t want to use Vista.

  6. Ben Popken says:

    @Landru: It’s definitely called AIFONE. No R.

  7. bonzombiekitty says:

    Damnit people, stop opening strange e-mails with strange attachments.

  8. Ola says:

    I’ve been getting a surprisingly large number of spammy e-mails with attachments recently, which I of course deleted, but they seemed to come out of nowhere. Now I think I know…

  9. ElizabethD says:

    Dig this line:
    “The Trojan affects Windows 2003/XP/2000/NT/ME/98/95 but not Vista, and is triggered by downloading an email attachment or opening an infected file.”

    Yet again, Apple OS FTW! I <3 my iMac.

  10. daspark says:

    This is traditional virus-/Trojan horse-baiting behavior. Whatever the flavor of the day is (i.e. iPhone), send out a message with an enticing offer or a threat if you get that especially hot item.

    There’s a lot more behaviors of botnets I’ve collected on a Microsoft-sponsored spam project I’m working on called the Anatomy of Spam. Don’t think just because you’re a savvy computer and Internet user that you’re not susceptible. I was rather surprised by some of the techniques.