Posted on 01/09/2008 4:03:45 PM PST by jdm
Your Apple iPhone could be infected with potentially malicious Trojan software because of a fake upgrade download, computer security officials with US-CERT warned Wednesday.
"This Trojan claims to be a tool used to prepare the device for an upgrade to firmware version 1.1.3," the US-CERT advisory says. "When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed."
The Trojan appears to be timed to exploit rumors that began in early December 2007 about new features in an upcoming iPhone firmware upgrade. Various online news sites and blogs cited a report published by CNET France that claimed an imminent iPhone update would feature a disk mode, for using the iPhone as a portable flash drive, and a voice recording mode.
Malware authors now regularly craft attacks that play off of current news and events. The Storm Worm, for example, initially spread through an e-mail message that made reference to what was in January 2007 a recent storm. With the Consumer Electronics Show this week and the Macworld Conference & Expo next week, malware masquerading as an iPhone upgrade will likely dupe more people than it would otherwise.
On Monday, Symantec (NSDQ: SYMC) identified the malicious software as "iPhone firmware 1.1.3 prep."
In a blog post, Symantec security researcher Orla Cox observes that installing the software doesn't appear to have much of an effect on the iPhone, but warned that uninstalling it could overwrite other iPhone applications.
"This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat," says Cox. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones."
ping.
Apple was less virus/malware attacked than Microsoft for so long that the dirtbags who do that sort of thing decided to “make it fair”.
Hackers of that kind are worthy of summary execution!
Of course, that’s just MY opinion...
In other words, to get infected with this trojan, the iPhone user must first Jailbreak his iPhone, violating his guarantee and user agreement, have that specific non-Apple application loaded on the iPhone, download a "prep application" from a site totally unrelated to the application the Trojan says its intended for, install it into the jailbroken iPhone to get infected. Then, and only then, can they complain... and then sue Apple...
How stupid can a user be?
Now, does anyone want to say that Macs are only secure because so few people use them that no one will write malware for it... security by obscurity... You can't get much more obscure than the case of the iPhone trojan above... yet, someone has written malware for it...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.