The tale of Gray Powell and the lost iPhone 4.0
Malware creators love a juicy news story
Malware creators just love a news story that has the perfect ingredients: a leading brand name, a prototype phone and a thriving IT community just dying to hear what the latest gadget is going to be.
One Apple employee, named as Gray Powell, was unfortunate enough to leave his iPhone behind after spending an evening in the company of friends and a few beers. Nothing new there; after all, people leave mobile devices behind with increasing frequency. The only problem for the poor young man was that his was a prototype for the next generation of the iPhone.
Ouch!
Now that is one heck of a story and juicy enough for techies eager to learn more about this guy’s mishap and, more importantly, what the next iPhone will look like. Unfortunately, it’s also a hot item for malware creators who see these ‘celebrity’ stories as fantastic opportunities to distribute their malware to people whose fingers click on links faster than they can read them.
Using Google’s hot trends page, they generate pages containing malware and then use SEO to push those pages as high up in Google rankings as possible, betting that users will click on the links without paying too much attention to the URL.
According to blogger Bogdan Calin, four out of 10 results from a Google search for ‘Gray Powell’ turned up links to malware-infected websites.
This is a technique that has been used often in the past. The death of Michael Jackson saw hundreds of infected links popping up in Google searches and many fans of the Twilight series were tricked into downloading what they believed was a full online version of the film.
The modus operandi, however, is the same. Clicking on the link results in a pop-up warning the user that his or her machine is at risk of infection and a recommendation to check the system. As soon as they click ‘ok’ or ‘clean’ or ‘proceed’ (depending on which rogue-ware is being distributed), the malware creates a report – that looks perfectly genuine – of the infections found on that machine.
Concerned users then download the fake anti-virus software to ‘clean’ the infection. There are different variants of the malware and each one is a nasty piece of work. To remove the malware, especially malware of the fake AV variety, the creators request payment by credit card.
A nasty piece of work indeed.
Infection with malware can be avoided if users pay more attention to the URLs and not just the title and description. Having the latest anti-virus definitions and anti-malware software is also important.
Businesses would also do well to use web filtering and web security software that would automatically block the links before the malware can be downloaded. Filtering of HTTP traffic is a must today because the majority of threats are web-based.
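The chain described above (search result, scare page, fake anti-virus download) can also be spotted in web proxy logs. The following is an added example, not part of the original article: it flags an executable download that is reached by following referers from a Google search click within a short window. The log format, the `.example` hosts, the two-minute window and the content-type list are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample data in a hypothetical proxy log format:
# timestamp client method url referer content_type
SAMPLE_LOG = """\
2010-04-21T09:00:01 10.0.0.5 GET http://www.google.com/search?q=gray+powell - text/html
2010-04-21T09:00:09 10.0.0.5 GET http://news-gadget.example/gray-powell.html http://www.google.com/search?q=gray+powell text/html
2010-04-21T09:00:10 10.0.0.5 GET http://scan-online.example/alert.php http://news-gadget.example/gray-powell.html text/html
2010-04-21T09:00:31 10.0.0.5 GET http://scan-online.example/setup.exe http://scan-online.example/alert.php application/x-msdownload
2010-04-21T09:05:00 10.0.0.7 GET http://vendor.example/tool.exe http://vendor.example/downloads application/x-msdownload
"""

WINDOW = timedelta(minutes=2)  # assumed correlation window after the search click
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}  # assumed list

def is_search_referer(referer):
    u = urlsplit(referer)
    return (u.hostname or "").startswith("www.google.") and u.path == "/search"

def is_executable(url, ctype):
    return ctype in EXE_TYPES or urlsplit(url).path.lower().endswith(".exe")

def find_search_to_download(log_text, window=WINDOW):
    """Return (client, search query, url) for executables reached from a search click."""
    chains, alerts = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts_s, client, _method, url, referer, ctype = parts
        ts = datetime.fromisoformat(ts_s)
        host = urlsplit(url).hostname
        if is_search_referer(referer):
            # A click on a search result starts a new chain for this client.
            query = parse_qs(urlsplit(referer).query).get("q", [""])[0]
            chains[client] = {"start": ts, "query": query, "hosts": {host}}
            continue
        chain = chains.get(client)
        if chain is None or ts - chain["start"] > window:
            continue
        # Follow redirects and pop-ups: a request referred by a chain host joins the chain.
        if urlsplit(referer).hostname in chain["hosts"]:
            chain["hosts"].add(host)
            if is_executable(url, ctype):
                alerts.append((client, chain["query"], url))
    return alerts
```

On the constructed log, only the download reached from the ‘gray powell’ search is reported; the direct vendor download by the second client is not.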

I have to admit, I do love the occasional leaked gossip on tech-related wares (I’m such a geek like that). Because of that, I found myself (almost) falling for this kind of underhanded malware baiting. Luckily enough, I had spotted the link right before I had clicked on it, but it was due more to a haphazard case of chance than to diligence on my part. If I had fallen for it, I think I might have duly deserved it.
It’s hard to fault people for this kind of behavior. The internet, quite often, runs on the adrenaline of the news that drives it. It’s only human nature to want to keep up to date with these sorts of things. I, for one, was literally throttled when I found out about the missing iPhone 4.0.
It’s only unfortunate that the internet is perfect for exploiting exactly this kind of behavior.
To be honest, I’m quite surprised at how fast these malware creators work. It’s as if they literally have a pulse on the world, waiting for every bit of news to latch their ugly claws on (I am not bitter, I promise).
Although trends like Michael Jackson and Twilight tend to last far longer than their worth, a relative unknown like Gray Powell is only a blip in a sea of changing catch-phrases and internet rumors.
I utterly find this new form of internet abuse at the bottom of the media barrel. I guess malware creators can really stoop that low.