Phoney iPhone offer in email lures users to infected web pages
It appears that the popularity of the newly-launched Apple iPhone has already had undesired consequences. According to security product vendor Secure Computing, spam mails are being sent stating "Congratulations, you have won a new iPhone from our store!" to lure unsuspecting users to an infected web site, which attacks the visitor with a whole battalion of exploits.
The site exploits more than ten holes in ActiveX controls for Internet Explorer, including the unpatched hole in Office 2003. An analysis conducted by Secure Computing has revealed that successful attacks infect the PC with a spambot, which uses a rootkit to hide from antivirus software. The investigators do not eliminate the possibility that botnet operators may also subsequently be able to install key loggers and other spyware on infected systems.
(mba)