MyAntiSpyware


Found trojan that attempts to steal money by selling a fake iPhone

Myantispyware team July 3, 2007    

Sunbelt team reported about new trojan that attempts to steal money by selling a fake iPhone. The malware produces a popup, triggered by going to yahoo.com or google.com. There are multiple types of popups, including one saying “supported by Google” and one “supported by Yahoo”.

Normally, when you go to iPhone.com, you get redirected to Apple’s site — http://www.apple.com/iphone/. On an infected system, you get directed to a custom “iphone.com” which actually is a fake site. The Trojan is pulling content from your local disk in a file that has been created in %system%\confg.xml and creating BHO (Browser Helper Object)

BHO: {AA7F2000-EA05-489d-900C-3C7C0A5497A3} – C:\WINDOWS\system32\rwera21s1.dll

They are using this BHO to inject code into Internet Explorer to make it appear as if you are on a website owned by Apple. The same technique is used by malware to target banking websites.

Read more: iPhone madness: This hot phone now sold through malware

Trojan

 Previous Post

Found new fake codec and new rogue antispyware

Next Post 

McAfee free rootkit remover

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

WaveSplash Review, Motorized Float & Floatski 60% OFF?
BurnTide Reviews, Oprah Baking Soda Recipe Scam Exposed
Memovance Pro Reviews, Bill Gates Honey Shield Trick Scam Exposed, Steve Martin?
Vetdice.com Promo Codes: A Crypto Scam
scam alert
Zorevex.com Promo Codes: A Crypto Scam

Follow Us

Search

Useful Guides

Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
This setting is enforced by your administrator (Removal guide)
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)

Recent Guides

Found new fake codec and new rogue antispyware
Automatic removal HaxDoor trojan
Automatic removal MBS Account Manager
Found new spysheriff variants – Malware Stopper, Malware Panacea
New way for push exploit to your PC

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2026 MASW - Myantispyware.com.