|
|
|
Apple iPhone SMS Used as Bait in Rogue Antivirus Scam
By: Brian Prince
2009-09-28
Article Rating: / 4
There are 1 user comments on this Network Security & Hardware story.
Cyber-criminals are using interest in MMS or SMS on the iPhone to trick users into downloading rogue antivirus software. According to security company Websense, attackers are abusing Google's search engine to get users to click on links leading to a malicious page pushing scareware.Cyber-criminals are taking advantage of interest in Apple's new Multimedia Messaging
Service capability for the iPhone by poisoning some of the top related Google
results.
According
to Websense Security Labs, scammers are abusing Google to lure victims to sites
pushing rogue
antivirus software. MMS is an extension
of SMS (Short Message Service). When someone enters search terms related to
iPhone SMS informationsuch as "how to send multiple chats over SMS"malicious
URLs are returned in the search results. In a case documented on the Websense
blog, a malicious URL reached as high as the sixth search result.
Apple
added MMS for the iPhone on Sept. 25. Given the popularity of the iPhone,
it should come as no surprise that attackers sought to parlay interest in the
technology into an opportunity to cash in. The malicious domains involved in
the attack were registered days before Apple announced the MMS capability,
indicating careful planning on the part of the attackers, Websense Manager of
Security Research Stephan Chenette told eWEEK.
"Attackers
that are responsible for black-hat SEO [search engine optimization] ... either own or have leased use of
botnet [that] are then used to run Websites which embed within the Website
content relevant news terms which they wish to poison and associate with a
URL," Chenette said. "The URL they associate is under the control of
the attacker and is the URL ... the attacker wants to lure users to. Search engine
crawlers then crawl the Web and find hundreds of thousands of Websites that
have been poisoned.
"Their
crawler, which is an automated program, isn't able tell poisoned Web pages from
legitimate pages and associates the key terms found with the URLs that the
attackers have set up beforehand to serve rogue antivirus [software]," he
added. "It's a numbers game: Since attackers can control hundreds of
thousands of sites, they can control search engine rankings."
In
this particular SEO attack, the following hosts are involved, according to
Websense: jeffersongc.com, ecrq8w9.xorg.pl, toolmusic.cn and
mycomputerlivescan2.com.
"Using
Robtex and various other tools, we can gather public information about these
hosts," Chenette explained on the Websense Security Labs blog. "One
interesting fact we found is that the domain hosting landing page serving the rogue
AV was created on Sept. 23,
2009 and the other domain involved was registered minutes before.
We can also see that two of the domains involved share the same IP
address."
If
a user clicks on one of the malicious links controlled by the attackers, he or
she is redirected to a series of pages via 302 redirects. The final landing
page pushes scareware, issuing a fake warning that the visitor's system is
infected with malware and offering fake antivirus software. The supposed answer
to the user's woes, of course, costs money.
According
to researchers, rogue-antivirus scams have been on the upswing of late. In the Microsoft
Security Intelligence Report released April 8, Microsoft reported that
seven of the top 25 families of malware or unwanted software in the second half
of 2008 had some connection to rogue security software.
|
|
�������x}ks8q�8c"#dK-ěԭҥ(H"$e[3wu��_zP��9q*D
th4�?�{$s[��֘\ÙI�=Π>�?���CR(_2d`C2�ѩiz�
w4V-S˧n��> \?aw��D%x�_'Щ=ѩ:wɄ�_Sx^ۗ6}nvl�.�hѲ�b
^Pk$ȁ_�Ik��Jr�$<�%v�Ϲ\�l��IGAmgF}{*�N5wlX�Q�!)�/F�<��u�b
<�{f� *;�U+�S�i@S֠*v�25vn����@^k�cLȾ�Bso�=�RɴvWg!205N��Z [��XdTj��Ӂm��!p�5mvapJ�)JH�&tGs
< fI�u�PؖgtHO��nR�O*!1lp~+J1y�'A�e[tQV�_սkioAׁߎ]{f
�5L|Y�b�6�r�mO |l܇70>}!mW
"�j�ˡ,kО~/푪�U�˅R5W�Y+{�iX��2^k|=ϕ�U�U��u�u��m1y
Cq>t;=r:?'�7��;Aڼ�+ NֶRߙ�0Q�&**R>43�A>j�jw{g`�rM7Jza߹pKPͫ9H]*Gz[츆Ga�`%�pfQ\�:5'sKnw[:9;nN}3�fPeU�~(!3"ؕgxg[:nN7O�7fKN;פ>iu�3�`BәeIumܟZv�`KK'^C$w@,nsgKJ*)�?5;'/W-2᭫O�d&"^wqN��鹚�-4S[��}>kcw-? ,�_��%?fv�3i���R2!r*� ߱n^S+C�7˫RVy۬ Ն7|��Sk�_?g]-s��za4Z�@L4�&�h�)5?�&�pΚb.L2wҡ1�eŞ�!|Аd�
mx=Z.3A��Xn`vt��ho4�ح�L�%_�bH=x�S9Z��=H�6(Zl׃�$ƖA
ϛ�L��s%08{�ɝ�5�zY0�ݻ�iy`y1�&���դw�; �Tgf ,�ﺶ�]y�
���c
6Gv�60L0���g:%�N\IQ��M�2r)%4G�!��-i]�R@A�z6S?��-�,rr<����ܑ�vR,ĭb��P,n=!ԑtnR,>��hF3aGe�-n^
�d6g�2+ILIg]W-&D7rB��.G �wKቖ6ZlY(TZ#�&F#C7` 3G�]= 30�K0w|?a!�s WQ�'&�s�?v{\
f>�BCeYҵ;J`p\Ͱ"̴b֜�u4.�dufB7��ƉOH|��B�0-���qڛuVs�Ӡ,T�X&�3=Ͱ&p_;�+og�zjr���e&>|Yr�Y4ۿ9�P,MmUPS7�˕L8�+UPM
g2)*[hwlr���s
dV�O[bҁ+R=""�ǰ}_�Q7<ĞR�=Ղ�ZsOs�R| :[[I%7˺7RumB$l��Ұ.�R����!d[�}aa6EY�Q\RKHD@CR)е�
aY��^`(t�xM̆Т5nM>*ma�1m���oEMLYF4Xr4%6k<-[�`C�aP�eܡɁ6`@GVLl9IZW),֩{b;@��]$/Hq{L4MM/|R9��g3?�']dEDhR�+ma�@ͤP�L�kQqA'��6a�a�{�;w�9p�ms>u�Z\�ΗV°#]6�|zj�N ��0xpT'@�pd`0R3:p5gұJ�)ՅY�L5̆b.(�qڏ9&�_Gƅ�Kd�^3`O`T#4tʠZlN֬9 Q�^-H.�k�
l�mpj�Z��GR�.�v^vi^cd�(h^x�<궇1,4�ra,mG��R�5V2S{`�cu鮧��T+*[pfN>+Ř>�5 ��dj>Ǟdo':|>#H�u�~H.Lb����46�1�|,WTJe�`lʁVѹ(�٩ 7]4@�.�&X-`�"'t>sхڥ.ns�sa*/Wf1Z|�[�JW�9PKR,��rs��3;f^vĻ8
�j�ϡ: ٷG#~y6�u&^va1=%W�Jo?z}t�>ɕ6g>t0\j V�?aA�>yL��{H�n�e
�g?^I0���lcSxt �b�7\ɩb_ask'��bx�h���!.��־7 �X�=0�`6o7w�
9\R4�*S�jf h�
ޜ�3ÅP�2�ρ^jMzMͱ�Sb_@Ԕ\Z+9k7k"�XKQ3�2��F��P�cڷŎ�ΒjY�fv
q?9^<}f̣}_�_6cmfH^ab2U�{Y@o&1�
vgx�ɲ�ֆ'ydϤͬ`3|5{��NL{6̒SԵ`se%s�@L>RXC5�H�zF{_M渌{efR!F>Ϣ�+Zۂ1dLfQJ'1�u?agE�z
[�ٔY]�}2j��=O U�j�GqS�V3Gn�mkH�)d�a:1Af7pu(,��=% k@X�-v'fU�&��JAyVS"w��3X
+my�9eyb3�9aؠGsHoR>0 ZHħ;mŤ�߲>�(5غvŕ+J]: Q�PG�"taX݂��t;f9_qY{�VƵ]2tH�"U�H
eVVJU`NS+%$: ?��>�d,j+�BGI}7
[&�IO�⿿++
Ctp|g\D@0|=k>0�F_Hƙ
RAU�U�r\�'0�
0C�5��#�J�x@t0�'
xWJ\9_-p�/g$
�,�$�(E,tF<���&цRzsk(,9Jeob&[
xr2���=�aU��a��NTK��y88&C_\}?؇^?ۣ�)��&�b�l*=t!D�Nn}и�YtW�%pn�I^e{˞tڸh9s,C8�tO\U;A�zY~Rt�Ը6`>|ڗ?�IΧ˦Ծh|hw0.[L@2�m&A)��`$Q
:RjW
۫Fپ ]w�i/R`�f{�N�p.��ڗK'5?nvDۗ-)�^s%y0W�䈠]j?\�D�d�0�srj\��7b��`�x$"�B̔F<$]wFD/�!B2.f3���/�s>V\zB_+,6Fπa6(Z4��)ފG(
�Bf.��·ńB10rNx@�� �� c@JA=�VohW/�{iD-����b�c~�HF�rI'z\G�>egI�9/PAS�):�(9Q [Hҷ�o@WY;GD{_q+5s��z8~���\1Z9nl&�BR�^'28�]h)3�#H���K1xc�`s�AZ$|n]��1�R+DN[3pu*"Ehwl)~ڲO6DR0�Y6[
.VMG0_Ӹ\bO�D XY�+o�x�'t7>CTո�
f;Ϋ�X>Gqb��x'O0E;䐜ejC=?VTemSw\z@ږ�kd�Gq'ߋ�t2Ti|�3X2wѺB�^�ݾE5=ICw5FO9�w>!�,�5giS
\:`���ĶpW߂�ة�/K*yYr o2ל8_In�zQm%Fm?Z�{ϗqG�4ӸtY=m\
qu\!ˮ�E�rUy_,[7�\x0"8+B4,�Ї �;:_{"%
�'KqIsU�Gapg\>z�zH�;s�{aT숲s � |O�ٜxf�9��<;Kg�kJ��`-n%_V!۱�6�tD_C*]�d%b.6~Hz0c>�gfbs._=##
�8ύk�uGx�e
_�RUJOsD"5tlcg�ԇ@9�eAp6\jq
!w�89!53G{i:qQyЁ50)#&{Kـ�%,���Yc 2�B;�n�;�S /�6QW2N,�3*}5�(}�MM
^BhxAWAgJ�uL. R^n!?ҚP74qc���PBp{Ӕ׆�.�
R8à=zg�a"K?ZiYT��_p'7+�}m/%Y(G["ϙ�K;�/I�ovy}�z?A2�j-vT�rȾ�;5��UfuqHŻqń)|ZP��͚�EyrqN�¤He6_LECvh�.g
[`'}8[bْ�ߌhУ�a&!�>#'k&u��uqC0_\oas!_ȫס?�Dxj ��ٛ�;ć,ex&7Kv>�b3h]�o+PjwWj`V6Ql(4 [>i�e4�c0E�0zX26p�v3���O\i9p[jIb$�!���]{00�
7<(���&"Nݿ_Ky�R%�#��-�*ry��$E)�>QO�%�p 37рF7;zL�
�{RPT� `�w�
"��NBq*rோH|�MOxywTre@K7AR+͜JWƃ!]dc��gX�u+\$EiP0" ���ʀ �!�*8��p
6�6m٦x��AnD ��mzL&'Ķm�a,�c�uݹ'uY*m�%BVh;J`��6\Z"cli�M lV3#h@˧P�1])Fc8eiy+<2I!=�s6.pi�pѩ+5%Z*Ki5-\p�ᰉM�&�6_|N""x�#Ԯ-S^rfqz�9
$o�ԓyJ����c�qU�%NᏢJ�w$B}���Z+�=�Ϩ{8w#]X*�ӁQ�32|O*�B~
�T3= �2�L�WTy,}��*;7we\
#|�pP3�8���W�SSSS9ԅRTz:y^�kiRMOq҉K0mbC"*s�T& efJ��5W?reQ�Xv3�)HxƚA�_'넿Nbq9+�G�=n9/ꓽn}nn�OCWj{�,iJg;P*SPT*TK�n��
"mL�{K�h�0Q%$ȮƖSx.�`ҍI�s=TR%',#�s/�jD꫟o9>ŗ`4']k`z-=lf5'Q��!\ZIy'J�D
Nշdҳ'4t_�v�R$z�n-k8!zXF^��[x#nU�4�M`D3 Y:1sxbh4Fx^pnD3�M7X!ⱛ=P=P=P=P#�@|cn4�0U| +);zԒ1bg�"�RZ2|SW>W�; �F�|kWڸJm1UFh^�ޭ'#LU^?��!BAq�
hok}ۚ_�"�m)̪3�#e֏8s]n^�e'�7[�ŢlDkpt!o%v> f+5w̤O阖,6@�MHz�4i{#mj�ky�JˬK�/9O�J�4k2=+9�A��#1�[Q}]ɷvTbXzj}ؕxU/=0�63��!�0 9��� Zzw"F�=�*u}�3i'}ߞf{#VqB}yݼ'Ŵv\|P_�`;v�0
QO�\oWpRʭKS�L�k5�p�/��O8�[oj�$"k3n{g�T�sj��b
y;&ASjk��͔d��u�#l�(M#d�ۀձ�lF(*U^w5ǁ�dUoo#fYN;mZ)Krj+6=Ţiylvh�_]�ߓ���ZRˬ�k<�I1�Ʊ�+ya0T2̬,GdfFl�����y�0�/mc
�>M�<3%(^,R���T[ݷ(s4�H̫0d=kD�)#(hILÑBu�sTAv�ь�j�#"X7;tf;�?��vGe�SÌ�ٻggRV=��es�^͘o|
�ZNIΞC4ܤė��Ka$$mh��:-BR��ﯔ>�"x�?E�*�O2Ŕ^',h6�Q&`aV�3ص�O0Q_�n]W�L�G�u�{#'C~�$I>I5;0O:�&d�?�WW.�^q�o�N @v+xr-"?(
P-rc[ax��ހSV*e~ۘBP-%8�I1�(l�F]="6,�AlӤǽ k%9E��v)>6i��۫]Q��a�rC^���#=%1�w�%Ⱥ=c(V`*+j5��A�^�w%5!cJ|D�,?��t�E$�/]V|�~0�.
4ض=���ῤlݩf.�$�\9191y!� �p>ƘKjpZUՒt=��R,w1Y�dHo-{?1|hֈ1p*B GUٜ�ArC5����o�*�Z!֤�F2
-5֠c��9m645̈
ZOk�a�f|$�TJ;7�\4c]8_q�=&o7ݙ�B gnVuĒf�SnWC�O O�p6Ac,)b�=�y m���lMk�m惔I�pʬBץ&:F�̾% DǞlϗK���Y�N}F=3P]"Z}4֡:
B�bQ-+�-51�äɫIх%Y{Ɣ2J\d9_KǏ>HPG$0�jr/[3q=p}X�a>Y�(�-^`wUpj+I\
c�
ziveNl@?'(חzR�k�3˔r;�nJ�(�ٮ~2>�E
��"
>"�@�\��)_�^�E
^�?AYJߠo)�P~R�{2 ?)s w2~�'�?��I/W�W)q�_
s?]��_�P埀>g(V�}N3s
n&�&oonR/>IR<��9k\���8�K�"2SZ9,.OSʫPJ9(O�Xi;)ZeU
KL)~�y/�D{'sg+�kӌ+ť$W�
7iKxUy%kk�Z1jt�}חG{1*�,xW&��eb^>c����˼,{�}tE�Oq>p�+i@L�w%<-cENJ).~QBxdB$h{U��cLF�D)ϬsD��4k�{H9\\�z[&;f��t{|��*%�61w��.[}S�/:)7.p{Z[��\�wڝGf{ueeDb;�w�S췡^2�<� Oǃf.ţu>T+6�:�6�a3[� ňC/�s
H;�ayt�,*fz:t}aO}�vHqj|hlZ˳O6k
85Ϙ::S�����?,RK|c ,>8���a455E�rjhN4pὍ97��,%t_�u��8T*jA)oT.K�俒k$2�����zӦ!QTYɹ
��6�rb�0�XT����^9�Q(Fuo*K06T�z!�J1
=4a֭xK1�BDO"�ұZÚHJ˘T͛YȌ�L�I57/��{_ۑ�����r��1��1@e^"Զ1*j6`%a<צ3ox�3R&mz��6.eа!�,%sv[?���|vL^�35�̗>x*(�"
"kH�"s�{D�|%i�"P�n3!醍%؉GC�QeY5qD
j$!���i_1Q:�Bݾ"]ۜ �V%G�Y��~l')i�3�㑏WK>EcЁ�2CͱF�A��}F垓g'_5�b
GikC3@p�+v/x/5m�szn()�y+H9�+م��xCS*HsԲx*�Dಁe"=`S
�s"gT3t/3��vS,]@�_v܅12J1p(qd��z�ӧ�ޣ-[$@��O"�C�2�DQL/Tvy*s*>�% �-� �i�-ޤ1�C2|
l|$_xª~SAxr=H'=��fsx���M-I�S`jA�9Xq�k @;&k"�ۄ!w0ѕDM1F(ͦ,1��f� �Ax��=`#hxb�Y6:|���,�݀bV�S"Nd2q-�9=O�N*DX6�c?}f��D�@ͽŵ]�^c*a?8#�/a0�g`y��j�Sa2��$Y"�:xqeA���Vt*N�ﺽ/筥FPv.{i}吇T�jv�V�;~v��?;趿ˌbhX*.㉊oZ�g�'u����םOM)h,)Z�NJ`�b)XFپ��uK+_0d-<��G-jI-ǂI#;ov[�b$-�k\֓jPou;�o���F'ep(|N!VKq+^�ΦK�+�5Ç �wm&l�2)v}md-c6�C-{��(��
|
Network Security & Hardware 
