Computerworld

New botnet targets iPhone buyers

Apparently enough people are buying iPhones online that cybercriminals want in on the action.

A new botnet has emerged this week that presents infected PC users with a phony Web page selling iPhones, then steals any financial or personal information entered into the page.

The botnet, or army of PCs infected by the same malware that controls them without the user knowing it, is orchestrated by a Trojan called Aifone.A, according to PandaLabs, the threat-analysis division of security company Panda Software.

When the user of an infected PC goes to Apple's official iPhone Web page to purchase the product, the malware instead displays a phony page designed to look like the authentic one, they say. Any information entered in the phony page is captured by the botnet controller.

PandaLabs says this botnet is sophisticated enough to divert search results for the iPhone to the phony site, and can even display pop-ups and banners to send users to the spoofed Web site.

The company says there are currently 7,500 zombies, or compromised PCs, that make up this botnet.