CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 15th, 2010

Fake iPhone Unlocking App Changes DNS And Hijacks Internet Connection

An application that offers to unlock iPhones is actually designed to hijack internet connections on compromised Windows PCs, security watchers warn.

Spam messages direct potential victims to a domain called iphone-iphone.info that offers links to download a Windows executable called blackra1n.exe. The application claims to offer an unlock utility but instead it changes default DNS settings on infected Windows PCs, hijacking internet connections in the process.

Romanian anti-virus firm BitDefender, which identifies the executable as Trojan-BAT-AACL, explains that the malware comes as a Windows batch file packed alongside the iPhone jailbreaking application.

“The Trojan attempts to change the preferred DNS server address for several possible Internet connections on the users’ computers to 188.210.[REMOVED],” BitDefender explains. “This allows the malware creators to intercept the victims’ calls to reach internet sites and to redirect them to their own malware-laden versions of those sites.”

DNS-contaminating malware has been used in the past to redirect users to counterfeit versions of online banking sites. The precise purpose of the malware in this case seems to be to infect compromised Windows PCs with yet more crud, earning hackers affiliate revenues in the process. The Trojan affects only the host Windows PC, not any connected iPhone.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • SpyPhone iPhone App Can Silently Harvest And Email Personal Data
  • New Zlob Trojan Version Alters Wireless Router Settings And Hijacks DNS
  • NSA Goes Offline Due To A DNS Glitch
  • Researchers Released DNS Attack Code That Exploits Recently Disclosed Flaw
  • iPhone 2.0 Unlocked Before The Release

    • Posted in Apple, Malware, Mobile, Software, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Thursday, April 15th, 2010 at 11:20 am and is filed under Apple, Malware, Mobile, Software, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Fake iPhone Unlocking App Changes DNS And Hijacks Internet Connection

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »