Information Age: News, analysis & insight for IT & business leaders
 

Malicious iPhone app triggers malware surge

29 October 2008  JJ Robinson

The number of emails with malicious attachments has increased eightfold, according to security firm Sophos, with a malicious iPhone application a major contributor

A malicious trojan disguised as an iPhone application has contributed to an eightfold rise in the number of emails sent with malicious attachments over the past quarter, according to security firm Sophos.

One in every 416 emails sent between July and September had an attachment designed to infect the recipient’s PC, compared with one in 3,333 emails in the previous quarter. One of the worst attacks involved the Agent-HNY trojan, which was disguised as a game for the iPhone called Penguin Panic .

Actual mobile malware is mostly limited to proof-of-concept programs, because of careful monitoring of third-party developers by mobile manufacturers such as Apple and Blackberry maker Research In Motion. But the iPhone trojan identified by Sophos takes advantage of the popularity of the device to spread itself.

The rise in malicious email attachments needs to be seen in context. Over the past few years, the number of malicious attachments sent has declined significantly in favour of links to malicious websites – often spoofed versions of legitimate sites such as YouTube that attack unpatched browser vulnerabilities or trick users into installing malware.

“Too many people are clicking without thinking – exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts,” said Sophos technology consultant Graham Cluely.

“When a spam email appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious webpage,” he said. “The naivety shown by many internet users is downright dangerous.”

Further reading

Mobile insecurity
Is the new wave of Internet-connected mobile devices carving out a gaping hole in enterprise security?

The threat agenda
Information Age’s Enterprise Security 08 conference saw delegates tackle the evolving threats to IT security

Find more stories in the Security & Continuity Briefing Room


Comments 

There are currently no comments on this article

People who read this also read...

Portwise

 

Related articles

RIM hacked, threatened over police co-operation

Hacking group infiltrates BlackBerry maker's blog, posts threat that it will pass employee details to rioters if it co-operates with police investigation

The search for intelligent life cut short

An IT manager allegedly cost his organisation $1 million by using computing infrastructure for his ten-year pursuit of extra terrestrial lifeforms

Attack on one user brings down Twitter

Twitter's outage yesterday was caused by a coordinated denial of service attack against a single user

Dell to cut costs with green packaging

Computer maker Dell says its new green packaging initiative will save the company $8 million over four years

Advertisement

White Papers

Read article

Developing ios Solutions for Business

Whitepapers

Quickly develop and deploy custom iPad and iPhone solutions. With FileMaker Pro, iPad and iPhone solutions can be prototyped and completed in hours or days versus weeks or months. No iOS application programming or design experience is required.

Read article

IDC Spotlight: Access Control and Certification

Whitepapers

Read this brief for best practices on managing user access compliance.

Read article

GPS World

Whitepapers

Is the PREMIER global media brand serving the exploding world of positioning and navigation for OEM, commercial and consumer applications.

More
div class="banner">