
Fake Apple App Store Malicious Spam

Date: 03.24.2010

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered that Apple's App Store has become the latest target for email attacks and spam. App Store is the service provided by Apple Inc. as a platform to purchase and download applications for iPhone®, iPod touch®, and iPad™. The attack comes in the form of a fake invoice email.

With Apple's App Store being one of the most popular shopping platforms for multimedia, this kind of App Store invoice email is familiar to users and tends to be received frequently. As demonstrated here, cyber-criminals clearly jump at a chance to spread their spam using any available means.

The content in this campaign resides on compromised Web sites and serves a combination of pharmaceutical spam along with exploits that are delivered in the background. Some of the messages serve only pharmaceutical spam and some combine spam with exploits. In the example below, clicking the link in the message redirects the user to a site with a single link labeled "visit". In the background, a known exploit pack called "Eleonore" is delivered to the user's machine. If the user clicks on the link, they are redirected to a "Canadian Pharmacy" Web site. In this particular attack instance, the file dropped by the exploit pack has a 29% detection rate.

Screen shot of the email:

Exploits are delivered on this page in the background:

Pharmaceutical spam Web site:

Websense Messaging and Websense Web Security customers are protected against this attack.
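
The fake invoice described above presents itself as an App Store message while its links lead to compromised third-party sites. The following mail-filter check is an added example, not part of the original alert or any Websense product: it flags link hosts outside Apple-owned domains in a message that brands itself as Apple. The trusted domain list, the brand markers, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts a genuine App Store invoice would link to.
TRUSTED_SUFFIXES = ("apple.com", "itunes.com")
BRAND_MARKERS = ("app store", "itunes", "apple")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(raw_message):
    """Return off-brand link hosts in a message that presents itself as Apple."""
    msg = message_from_string(raw_message)
    branding = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    if not any(marker in branding for marker in BRAND_MARKERS):
        return []  # not claiming to be Apple, so out of scope for this check
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [urlsplit(href).hostname for href in collector.hrefs]
    return sorted({h for h in hosts if h and not is_trusted(h)})

# Constructed sample (not the real campaign message); hosts use the reserved .example TLD.
SAMPLE = """From: "App Store" <do_not_reply@billing.example>
Subject: Your receipt #0000000000
Content-Type: text/html; charset="utf-8"

<html><body><p>Invoice</p>
<a href="http://compromised-site.example/invoice.html">View order</a>
<a href="https://www.apple.com/legal/">Terms</a>
<a href="http://apple.com.billing.example/help">Help</a>
</body></html>
"""

print(suspicious_links(SAMPLE))
```

The suffix match requires a leading dot, so a host such as `apple.com.billing.example` that merely starts with the brand's domain is still flagged.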