Hackers exploit excitement over Apple's smart phone by sending malicious e-mails claiming that recipients have won their own.
Web-filtering specialist Secure Computing is warning users not to fall for the socially engineered e-mails that contain a link which, if clicked on, will attempt to connect to a Web site and install malicious software designed to take control of the victim's computer.
Paul Henry, vice president of technology evangelism for Secure Computing, believes that although this is the first iPhone-related
The criminals behind this scam are using sophisticated techniques to thwart security firms. For example, the Web site is loaded with more than 10 pieces of malicious code, each targeting a potential browser vulnerability. In addition, users who attempt to visit the site more than once are redirected to another, "safe" Web site.
"This threat is particularly insidious in that scripts within the HTML code returned to the user contain exploit code for multiple vulnerabilities to improve the malicious hacker's chances of gaining the necessary access to install the rootkit/spambot malware," Henry said.
Munir Kotadia of ZDNet Australia reported from Sydney.