Sunbelt Software is warning of a new phishing scam, this one targeting Apple MobileMe users. The bogus email masquerades as a subscription expiration from Apple's MobileMe service.  The phishing scam uses a spoofed From address of Mobile IDisk [noreply01@me.com] [mailto:noreply01@me.com].

A copy of the MobileMe phishing email is available on the Sunbelt blog.

Research from the University of New South Wales indicates one defenses against email scams and phishing attacks may just be reading your email when you're feeling a bit down.

In the past few weeks, there have been a couple of worms targeted hacked iPhones. Nothing major and highly regional, but still a good wake up call. To spread, the worms take advantage of the default password on a jailbroken iPhone. If you decided to jailbreak your iPhone but have not changed the default passwords, you should definitely make sure you do that. Here are a couple of good resources to help you through the process:

The iPhone Hacking Kit, step by step (MacWorld)
Short and Sweet SSH Guide for the iPhone (Gizmodo)

A new Facebook email scam is making the rounds, carrying a malicious email attachment disguised as a Facebook user agreement. The email reads as follows:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking
it.

Thanks,
The Facebook Team

By unzipping and running the attached 'agreement.exe', recipients are actually installing a variant of the Sasfis trojan which attempts to install a backdoor and download additional malware via the Web. The email is spammed randomly, so anyone could receive it and fall victim to the malware whether or not they were a Facebook user.

In Windows 7, Microsoft finally did away with autorun, a feature that enabled trojans to spread rapidly over a network or between computers much in the same way a worm would. Apple, in an astonishing move, apparently feels that security should take a back seat and re-enables autorun if iTunes is installed. Costin Raiu, chief security expert for Kaspersky Lab, explains the problem in "Why is Apple Meddling With My Windows Autorun".

Until Apple gets their act together, you're better off not having iTunes installed.