According to the iPhone Dev Team blog, a blog site is distributing a fake, malware-laden version of Yellowsn0w, the tool used to unlock iPhones. I’m sure the site may be getting a few hits these days ahead of WWDC, which should introduce the new iPhone 3.0 firmware as well as updated iPhone hardware.
This malware replaces the hosts file on the victim's computer to redirect the user to their website, yellowsn0w221.wordpress.com, when the user tries to connect to a number of iPhone-related websites. Here is a snippet of the hosts file it creates, which takes a jab at the iPhone Dev Team and others.
# Name: WTF 1.0
# Date: June 06, 2009
# Author: Kadafi Monento
# Description: The internet suks, but the competition suks worst. Needless to say this is why you have downloaded this file. Google has monopolized search for 10 years, so now it’s my turn! Thanks for the biz!
Download the entire hosts file, which lists all of the websites affected by this redirect.
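A defender's check for the hosts-file replacement described above, added here as an example and not taken from the original post or the iPhone Dev Team: it parses a hosts file and reports any routable IP that several hostnames are pinned to. The sample file, its 203.0.113.10 address, the example hostnames and the `min_names` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a hijacked hosts file in the style described above.
# The IP (TEST-NET-3) and hostnames are placeholders, not values from the sample.
SAMPLE_HOSTS = """\
# Name: WTF 1.0
127.0.0.1       localhost
::1             localhost
203.0.113.10    blog.example.org www.blog.example.org
203.0.113.10    unlock-tools.example.net   # trailing comment
203.0.113.10    forum.example.com
0.0.0.0         ads.example.com
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def find_redirects(text, min_names=3):
    """Return {ip: sorted hostnames} for routable IPs that at least min_names
    distinct hostnames are pinned to (heuristic threshold, an assumption)."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are normal (localhost, ad blocking).
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in find_redirects(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostnames pinned -> {', '.join(names)}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean default install contains little more than the localhost entries.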
Yellowsn0w-iPhone-Unlock-3G-2-2-1
Result: 2/39 (5.13%)
MD5: 363fb95cff9a1f028c06f53a840e869c
VirusTotal
ThreatExpert Analysis
hxxp://74.52.118.244/Yellowsn0w-iPhone-Unlock-3G-2-2-1-final.exe
