Apple is expected to announce their next smartphone tomorrow.
Scammers know this and they know people are excited about the upcoming announcement. So they are spamming out malicious e-mails with messages such as this:
That’s probably not what the next iPhone will look alike. However, if you get curious and click on the links, you get redirected to download a Windows binary called iphone5.gif.exe hosted under a hacked server comiali.com.
This is what the downloaded file looks like:
When executed, the malware shows this image on screen:
Behind the scenes, it’s a simple IRC bot based on mIRC. It connects to an IRC server at 22.214.171.124 (ircu.atw.hu).
Infected machines can be centrally controlled via this server and are exposed to things such as credit card theft. In fact, the malware contains this text inside it: “I wanna be a billionaire so frickin bad!”
F-Secure Anti-Virus detects this as IRC-Worm.Generic.2106. The MD5 hash is 2B60D3E71289D5F98C8E633A9D0C617D.
Leave a reply