
June 8th, 2009

Malware poses as fake Yellowsn0w iPhone unlocker

Posted by Dancho Danchev @ 11:48 am

Categories: Anti Virus, Browsers, Malware

Tags: Apple iPhone, Malware, Firmware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Researchers from Malware-database.net are reporting on newly discovered malware posing as a bogus iPhone unlocker, promising a working Firmware 2.2.1 yellowsn0w exploit as a social engineering tactic.

The WordPress blog yellowsn0w221.wordpress.com (now down) was promoting Yellowsn0w-iPhone-Unlock-3G-2-2-1-final.exe at the IP 74.52.118.244, which is now returning a reported attack site image, presumably in an attempt by the author to cover up his activities.

Impersonating the Dev-Team, the author attempted to spread it by posting messages across four yellowsn0w-iphone-unlock-3g-221 Google Groups, as well as on several BitTorrent sites.

The Dev-Team Blog promptly warned users of the bogus nature of the tool:

“These are very exciting days ahead!  WWDC, the new 3.0 firmware, the new iPhone2,1 device.  All in the span of a month or two.  Nobody is more excited than we are :) Unfortunately, there are predators out there that are counting on your over-exuberance.  Maybe we should call it yell0w fever.  One very recent example is a certain yellowsn0w221 page on wordpress.com.  Do not download anything from that page if you’re on a PC, else you’ll be infected with a virus.  The page talks and talks about a supposed Firmware 2.2.1 yellowsn0w exploit, but it’s all a ruse to get you to download and infect your PC.”

Upon execution, the malware takes an approach that is noisy from a behavioral detection perspective: it modifies the hosts file and redirects a huge number of competing iPhone unlocking sites to its homepage.
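As an added example (not from the original article or the researchers' analysis), here is a hosts-file audit a defender could run to spot this kind of tampering: it flags any routable IP address that several unrelated sites have been pointed at. The sample file, its placeholder hostnames and addresses, the two-label grouping in `site_key` and the threshold of 3 are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; hostnames and addresses are placeholders
# (RFC 2606 / RFC 5737 ranges), not indicators taken from the article.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # local ad block
192.0.2.10      intranet.example.org
203.0.113.7     unlock-one.example www.unlock-one.example
203.0.113.7     unlock-two.example
203.0.113.7     unlock-three.example   # trailing comment
203.0.113.7     unlock-four.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several aliases
            yield ip, name.lower().rstrip(".")

def site_key(hostname):
    """Crude grouping key: last two labels (assumption; no public-suffix list)."""
    return ".".join(hostname.split(".")[-2:])

def find_mass_redirects(text, threshold=3):
    """Return {ip: sorted sites} for IPs that >= threshold distinct sites map to."""
    sites_by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback/unspecified targets are sinkholes (ad blocking), not redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        sites_by_ip[str(ip)].add(site_key(name))
    return {ip: sorted(s) for ip, s in sites_by_ip.items() if len(s) >= threshold}

if __name__ == "__main__":
    for ip, sites in find_mass_redirects(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(sites)} unrelated sites redirected -> {sites}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `find_mass_redirects` in place of the sample.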

Who’s behind the malware? Interestingly, at 74.52.118.244 we have a parked domain Jl202site.com, which is registered to Jonathan Larso, who’s been “surprisingly” posting “become a iphone unlock affiliate and make %50 of sale” messages across the Web.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.


  • Talkback
  • Most Recent of 7 Talkback(s)
and to top it off,
iTunes is a piece of $hit and no amount of crap out of you Steve Jobs jock-sniffers can change that....
Posted by: sackbut Posted on: 06/10/09
And yet the author found it best to target windows with his iPhone "tool"  InAction Man | 06/08/09
the same thing that made Jobs finally release iTunes for windows  rtk | 06/08/09
Duh  Pslags | 06/08/09
The Iphone is not the market leader.  jdbukis@... | 06/09/09
You may not believe that the iPhone is not the market leader  athynz | 06/09/09
re: Duh  rtk | 06/09/09
and to top it off,  sackbut | 06/10/09
