NewsApple's App Store has become the latest target for email attacks and spam. Computer users receive malicious messages in the form of fake invoice email which is supposedly sent by the computer giant. According to Websense Security Labs, this new spam campaign is gathering speed every day. Since the creator of iPhone, iPod and iPad is very popular and is selling a lot of applications and multimedia on its website, it is very common that someone will fall into the traps of the cyber criminals.
Figure 1. Screenshot of the Spam Email Once a user receives the spam email (Figure 1), he is asked to follow a link to check his Order status. If he clicks the malicious link, an exploit pack named "Eleonore" is dropped to his computer. "Eleonore" exploits pack is sold for around $1.000 in the underground hacker communities and consists of 13 exploits which use unpatched holes of various software, including Microsoft IE, Firefox, Opera and also utilizes some PDF browser vulnerabilities. An inquiry at VirusTotal provides the following results: at present, only 12 out of 42 antivirus vendors detect the file placed by "Eleonore" as a threat (Table 1). This percentage is quite small and this makes the dropped Trojan a real danger for the safety of your computer.
Table 1. Aliases of the Trojan As cyber criminals are developing newer and newer methods to overtake your PCs, everyone must stay alerted. Computers are not only for fun anymore - our identity, our money, our whole life is stored on the hard disk of the machine. Keep your PC safe and it will do the same to you. |
User Comments