iPhone Spam Campaign – Disguised Trojan

IT security and control firm Sophos is warning Internet users not to be tempted by a malicious spam campaign that is distributing a Windows Trojan concealed as a game for the popular Apple iPhone.

Samples intercepted by Sophos Labs carry various subject lines, including: ‘Virtual iPhone games!’ and ‘Apple: The most popular game!’ The spam e-mails contain an attachment file called ‘Penguin.Panic.zip’. Unsuspecting users, who may be familiar with the Penguin Panic game for the iPhone, are advised not to open the attachment, which contains a Trojan horse, designed to seize covert access to the victim’s machine.

Sophos experts note that the Trojan only works on Windows PCs and they have not yet seen versions that will run on Mac OS X, Apple iPhone or other mobile devices.

“Many people who enjoy playing these sometimes innovative and addictive iPhone games may be tempted by the ploy,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. “This is just another attempt by hackers to gain access to confidential information. If you receive e-mails like this, exercise extreme caution and don’t ever run unsolicited attachments.”

Sophos detects the malicious Trojan as Troj/Agent-HNY. Sophos customers are fully protected against these attacks. Sophos recommends all computer users ensure their anti-virus protection is up to date, and run a consolidated solution at the e-mail gateway to defend against viruses and spam. Users of other vendors’ anti-virus products are advised to check with their vendor if a protection update is available.