The publicity surrounding the launch of Apple’s iPhone has provided fertile ground for the spread of malware by social networking techniques. Additionally the iPhone will probably bring Wi-Fi enabled handheld devices into the mainstream, providing another platform for cybercriminals to exploit.
Secure Computing Corporation, an enterprise gateway security company, today warned that email spam, indicating that the recipient has won a new iPhone, is directing users to a malware hosting website.
Secure Computing has discovered a website that is attempting to exploit over 10 Active X vulnerabilities in its efforts to install a malicious payload including the SODataSourceControl vulnerability that Secure Computing warned users about only 2 weeks ago.
“This yet again confirms the expanding trend in web-borne malware,” said Paul Henry, vice president of technology evangelism for Secure Computing. “This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities. While most organizations fully inspect the traffic directed to their Internet facing web servers, many do not inspect the traffic that is returned to their internal users when visiting Internet web sites.”
“Because of the popularity of the iPhone brand this is the first in what’s bound to be a series of scams involving the iPhone,” added Henry.