Panda Security is warning Internet users to be on the lookout for a Trojan virus disguised as a video of the iPhone 3G. The latest case involves a new pharming attack using the Banker.LKC Trojan. Victims of this attack could find their bank details ending up in the hands of cyber-crooks.
“Pharming is a sophisticated version of phishing,” explains Jeremy Matthews, head of Panda Security's sub-Saharan operations. “It involves manipulating the DNS (Domain Name Server) through the configuration of the transmission control protocol/IP protocol or the host file.”
Matthews explains DNS servers store the numeric address or IP address associated to each domain name or URL. The result of the cyber-criminals' interference is that when a user enters the name of a Web page, the server redirects him to another number.
“In this case, the Banker.LKCTrojan is responsible for the manipulation of the DNS. This malicious code reaches systems under the name 'VideoPhone[1]_exe'. And to trick users, once it is run, it opens a browser window displaying a Web site selling the iPhone,” Matthews says.
While users are viewing the phoney Web site, the Trojan modifies the host file and redirects the URLs of banks and other companies to a false Web page. Users who are trying to access these banks will be redirected to the spoof page. Here they will be asked for confidential details such as account numbers and transaction password.
“The iPhone is used in this case as bait to attract users into running the file containing malicious code,” says Matthews. “Cyber-crooks are aiming to use the information they gather to empty users' accounts.”
Matthews says Internet users can protect themselves by ensuring the URL of the Web site they're on is the same as the one typed in originally and there are no additional letters or numbers, checking the security certificate of the sites they visit, and having up-to-date anti-virus protection.
Share
