Fake iTunes gift certificate delivers a load of malware for Black Friday shoppers

Discussion in 'other security issues & news' started by siljaline, Nov 24, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Full story
     
    Last edited: Nov 24, 2011
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,907
    Location:
    U.S.A.
    Merged Threads to Continue Same Topic.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I suppose iTunes users are going to have to learn safe email practices!


    ----
    rich
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Spy Co. sent Fake iTunes, Flash Updates

    Spreading malware by tricking users into updating their Flash via a popup isn't anything new, of course. Koobface, from several years ago, was very successful:

    koobface_1.jpg

    Here is the popup in the current exploit:

    http://online.wsj.com/media/finweb_G_20111121185229.jpg


    Krebs puts all of this current exploit into perspective:
    http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/
    ----
    rich
     
  7. wat0114

    wat0114 Guest

  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Re: Spy Co. sent Fake iTunes, Flash Updates


    The problem is just how do you distinguish between a genuine systems tray update pop-up & a fake one?
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Spy Co. sent Fake iTunes, Flash Updates

    Speaking for myself:

    My solution for Windows users I help is to close the popup window and go directly to the software site to check for updates. I have them bookmark those sites, such as Adobe Reader, Adobe Flash, Java, etc. I stress not to click on links that pop up or appear in an email.

    Once on the update site, the user can see if there indeed is a current update.

    This procedure does take a few minutes, but is secure. Naturally, users have become accustomed to doing everything instantly, and malware authors take advantage of this, and exploit the convenience of the popup.

    I poked around and found an iTunes support site that has KB advisories about updates, so Mac users will have to learn how their particular software things work and develop their policies and procedures accordingly.

    I notice that the main Apple Support Page has users establish a password-protected Support Account.

    Mac users are in an evolutionary stage regarding security, as were Windows users many years ago. Safe and secure policies and procedures will eventually be stressed in the Mac world, as they are in the Windows world. For example, most alert Windows users probably would not fall for the current email attachment trick that has infected Mac users.

    Four years ago this month, one of the ISC.edu analysts, Bojan, wrote about a Mac DNSchanger trojan in the wild, and concluded thus:

    ----
    rich
     
    Last edited: Nov 27, 2011
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Re: Spy Co. sent Fake iTunes, Flash Updates

    I always do that for Flash & Java anyway (I have the sites bookmarked). I usually know when a SUPERAntiSpyware update is coming so I usually wait for the Systems Tray pop-up for that.

    On my Windows machines I'm pretty sure I disabled the auto update in the Apple Update desktop icon & I just check it manually (I run iTunes & QuickTime). I usually know from following sites like Wilders (well normally just Wilders) if there is an impending update.

    I guess that makes me a bit of a safe surfer. ;)

    Yes definitely, I don't always trust mail in my inbox even when it claims to be from someone I know!
     
  11. wat0114

    wat0114 Guest

    Re: Spy Co. sent Fake iTunes, Flash Updates

    These fake Flash updates mentioned in that link don't just pop up suddenly from the system tray or on the desktop. They are "sent", probably by email, though the article doesn't elaborate, so they would have to be initiated by an unsuspecting and security-unaware user.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Re: Spy Co. sent Fake iTunes, Flash Updates

    I have heard of fake updates that have appeared on the desktop. I've never actually seen one though. They may be a cyber-myth. ;)
     
  13. wat0114

    wat0114 Guest

    Re: Spy Co. sent Fake iTunes, Flash Updates

    The only time I've seen something like it was with a rogue antivirus alert. Of course just closing the browser gets rid of it.
     
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Re: Spy Co. sent Fake iTunes, Flash Updates

    Yes, pressing Alt F4 should do it, in Firefox/SeaMonkey anyway.
     