A malware-spreading mechanism targeting the “iPhone unlocking” fans goes to prove that cybercrime is never short of imagination. This is how the story goes: you receive an e-mail in which you find out that you might get your hands on a new version of an iPhone unlocking application which basically allows you to overcome vendor set network restrictions. All you have to do is click a link that will take you to the web page on which the technical wonder awaits you.
As you get further on into the maze of this scheme and actually click the link, you land on a web page which provides instructions to be followed in order to download the unlocking application:
First off, you are to connect the iPhone to the PC, then download “the new modified” application and run it on the iPhone. And that’s when the magic begins: once downloaded and run, the executable opens up the way for a nice Trojan to fester on your PC.
The “enhanced” version of the executable hides Trojan.BAT.AACL.
Identified by BitDefender as Trojan.BAT.AACL, this piece of malware comes as a Windows batch file packed alongside the iPhone jailbreaking application. The Trojan attempts to change the preferred DNS server address for several possible Internet connections on the users’ computers to 188.210.[REMOVED]. This allows the malware creators to intercept the victims’ calls to reach Internet sites and to redirect them to their own malware-laden versions of those sites.