Saturday, June 30, 2007

iPhone Scams Have Begun

The iPhone is out and the malware makers are already using it dupe people out of their money. Sunbelt reports that there is a new trojan that will offer pop ups to take you to a fake webpage. Normally redirects to the a page on for the iPhone, but on infected systems, a custom webpage replaces the legit one. A browser helper object is added to Internet Explorer to take you to the fake webpage:

BHO: H - {AA7F2000-EA05-489d-900C-3C7C0A5497A3} - C:\WINDOWS\system32\rwera21s1.dll

It's triggered when you go to or Some realistic looking pop ups appear and if clicked, you'll end up on the fake page. The fake page is hosted by Hostfresh, a dubious hosting company as reported by Sunbelt.

If you try to order an iPhone through these pop ups, all you'll get is an empty wallet. Check out the screenshots and other info posted at Sunbelt Blog.