Mary's Antivirus Software Blog

By Mary Landesman, About.com Guide to Antivirus Software since 2000

Apple MobileMe Phishing Scam

Wednesday November 11, 2009

Sunbelt Software is warning of a new phishing scam, this one targeting Apple MobileMe users. The bogus email masquerades as a subscription expiration from Apple's MobileMe service. The phishing scam uses a spoofed From address of Mobile IDisk [noreply01@me.com].

A copy of the MobileMe phishing email is available on the Sunbelt blog.

Research from the University of New South Wales indicates one defense against email scams and phishing attacks may just be reading your email when you're feeling a bit down.

Hacked iPhones Need Password Reset

Tuesday November 10, 2009

In the past few weeks, there have been a couple of worms targeting hacked iPhones. Nothing major and highly regional, but still a good wake-up call. To spread, the worms take advantage of the default password on a jailbroken iPhone. If you decided to jailbreak your iPhone but have not changed the default passwords, you should definitely make sure you do that. Here are a couple of good resources to help you through the process:

The iPhone Hacking Kit, step by step (MacWorld)
Short and Sweet SSH Guide for the iPhone (Gizmodo)

Facebook Spoofed in Malware Spam

Monday November 9, 2009

A new Facebook email scam is making the rounds, carrying a malicious email attachment disguised as a Facebook user agreement. The email reads as follows:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking it.

Thanks,
The Facebook Team

By unzipping and running the attached 'agreement.exe', recipients are actually installing a variant of the Sasfis trojan which attempts to install a backdoor and download additional malware via the Web. The email is spammed randomly, so anyone could receive it and fall victim to the malware whether or not they were a Facebook user.

Apple Takes Bite Out of Microsoft Security

Thursday November 5, 2009

In Windows 7, Microsoft finally did away with autorun, a feature that enabled trojans to spread rapidly over a network or between computers much in the same way a worm would. Apple, in an astonishing move, apparently feels that security should take a back seat and re-enables autorun if iTunes is installed. Costin Raiu, chief security expert for Kaspersky Lab, explains the problem in "Why is Apple Meddling With My Windows Autorun".

Until Apple gets their act together, you're better off not having iTunes installed.

IObit Responds to Malwarebytes' Claims of Theft

Wednesday November 4, 2009

IObit has issued a statement denying claims they stole all or part of the Malwarebytes signature database. Titled "Declaration from IObit", the statement declares:

"We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself. The ridiculousness: who will trust and depend on a security product that can NOT even protect itself?"

Apparently the IObit defense is that if it's possible to steal the signatures, then the product is no good. But that logic is so flawed that it makes one wonder if there are actually any real developers behind the IObit product(s). The scanner MUST be able to read the database of signatures, hence it is impossible to make the signatures truly theft-proof. Which is exactly why legitimate vendors seed their database with dummy signatures - to catch such theft.

IObit then makes a fatal error in defending the inclusion of the Malwarebytes "to catch a thief" signatures:

"NOTSURE.dll was submitted by someone called "KXX" and described as 'Rogue.AVCleanSweepPro' detected by Malwarebytes. Our analyzer carelessly used the same name."

The fatal error? Malwarebytes explains:

"We invite you to search Google for 'Rogue.AVCleanSweepPro' or just 'AVCleanSweepPro'. See if you can find a single place where anything called 'Rogue.AVCleanSweepPro' was ever detected in the wild by Malwarebytes or anyone else. When we did this today, the only hits we got were for our own report yesterday and people talking about it. Before we published our report yesterday there was not a single hit on Google for either name. This malware name simply does not exist in reality. We made it up in-house. Only four members of Malwarebytes' management were privy to the information about the fake files and the fake names. Therefore, any suggestion that somehow someone submitted to IObit a piece of malware anyone detected anywhere as 'Rogue.AVCleanSweepPro' is simply a lie."

Just prior to this controversy, IObit also came under fire for allegedly deceptively installing the Conduit toolbar on users' systems.

IOBit Steals Malwarebytes' Intellectual Property

Tuesday November 3, 2009

A few days ago, I received an email advertising the China-based IOBit anti-malware software. Problem is, the program may be derived entirely from stolen property of other reputable vendors. One of the victim vendors, Malwarebytes, did some intensive investigation - including publishing fake signatures - to prove that IOBit was stealing their malware signature database. The proof is compelling, as explained in this Malwarebytes forum post.

A company that would steal another vendor's database could also likely stoop to other nefarious practices - such as claiming a system is infected just to extort fees for an alleged cleanup tool (aka scareware). That's not to say this is what IOBit is doing, but just to point out that one unethical act typically breeds another.

The IOBit download is featured on download.com and majorgeeks.com, demonstrating that just because a download is featured on a legitimate site, it doesn't mean the download itself is legit. What can you do? Avoid using IOBit for starters. And perhaps act on the request from Malwarebytes "to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed".

Choosing to Do Bad Things

Monday November 2, 2009

A recent article from Brian Krebs of the Washington Post details how Peter Kleissner, formerly of Ikarus Software, was forced to resign and subsequently ostracized by the anti-malware community for releasing malware exploits and allegedly hacking an Internet kiosk.

While Krebs' article does a good job of chronicling the events, it's the last line that is the most telling. According to Kleissner, his actions are excusable because, "To me it's not good or bad, it's just technology."

That has to be the lamest excuse for rationalizing a bad deed. There is a hand at the end of our arms. That hand can shake another hand as a type of introduction. The hand can wave as a form of greeting or in bidding us farewell. The hand can stroke a child's hair and calm them when they are afraid. Used appropriately, that hand can reach out and help others. But balled into a fist or flattened into a slap, that hand can become a deadly weapon. Various gestures can make that hand offensive.

It all depends on how you use it.

In Kleissner's case, defending his action by claiming it's "just technology" is about as shortsighted and misguided as you can get. It is technology - but just like anything else, how you choose to use it determines whether it is good or bad. And in Kleissner's case, he has chosen to use it for bad.

Facebook Password Reset is a Trojan

Tuesday October 27, 2009

A bogus email claiming to be from The Facebook Team has been hitting users' inboxes. The email claims the recipient's password had to be changed, and further claims the attachment to the email contains their new password. Unfortunately for victims, all the attachment really contains is a malicious trojan designed to bypass firewalls and install scareware onto victims' computers.

Managed email provider MX Lab has the full details here.

Mac OS X Doesn't Get What?

Wednesday October 21, 2009

Is truth in advertising a myth where Apple is concerned? Judging by the clever manipulation in Apple's current Mac OS X slogan, I'd have to say yes. That slogan - "Mac OS X doesn't get PC viruses" - could just as easily be twisted by Microsoft to read "Windows doesn't get Mac viruses".

Actually, through Parallels and BootCamp, there's a better chance that Mac could (at least theoretically) be impacted by a PC virus. But on the flip side, PCs don't run Mac OS X so there's no chance of a PC being impacted by a Mac virus. From that standpoint, Apple's slogan is an even bigger misrepresentation of the truth.

To be clear, Mac OS X can't be directly infected by a PC virus - but it can be infected by Mac malware and that's the bit that Apple seems to be obscuring.

A Graphic Look at Banking Trojans

Wednesday October 21, 2009

Today's trojans are often highly specialized, targeting not just a particular operating system but also specific activities on the computer. One example is banking trojans, which are designed specifically to capture the credentials used for logging into your bank account. There are many techniques that banking trojans can use to steal your online bank credentials. Sean-Paul Correll of PandaLabs demonstrates one of the more insidious tricks used in this online demo of a banking trojan.

©2009 About.com, a part of The New York Times Company.

All rights reserved.