iwormJailbroken iPhone users in the Netherlands beware, a new worm is luring itself by redirecting users from the ING bank web site. When users visit the bank’s home page they are redirected by the worm which leaves them vulnerable to criminals that can capture their banking log-in information. Security experts at F-Secure are also warning that the worm can potentially turn infected iPhones into a “bonnet”, which is a network of compromised computers at the mercy of hackers or cybercriminals that can be accessed and controlled without the permission of the user. The worm can also be easily spread from one jailbroken iPhone to another when the jailbroken iPhones are connected to the same wireless internet connection.

Although this iPhone Worm is far from the first iPhone security threat to come out recently, Mikko Hypponen of F-Secure says that this is worm is the first seriously malicious virus for the iPhone. “There’s a clear financial motive behind it,” he told the BBC. “It’s fairly isolated and specific to the Netherlands, but it is capable of spreading.”

(Via the Telegraph)

Read More →

fbwormThe more popular Facebook becomes, the more dangerous it becomes to use. As if you didn’t already have to be wary of Facebook’s emails, now a worm is spreading via Facebook user’s walls. According to anti-virus maker, AVG, the worm spreads when users click on a provocative photo that is being placed on infect dusters walls. By clicking on that image, users are then opening themselves up to attack.

Below is an explanation of how this nasty works according to one of AVG’s bloggers:

“For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…
This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.”


(Via Mashable)

Read More →

twitterUsers of the social networking website Twitter have yet another virus to fear. According to these latest reports, there is a new worm related to a phishing scam floating around Twitter and it’s using the system’s direct messages to spread.

An already compromised account will send a direct message to another account with a body similar to:

“rofl this you on here? http://videos.twitter.secure-logins01.com.”

Once users click on the link they are asked to submit their information via a fake Twitter login page. And, once they’ve entered their login information, hackers use the compromised account to send a fresh batch of messages to all of the person’s Twitter followers. By luring unsuspecting users with “rofl is this you?” promises of a funny picture, victims are inclined to click on the fake link and thus subject themselves to the phishing virus.

Read More →