The phishing emails appear to be official emails from Apple.com, with the title “Finally. The amazing iPhone 5. Now available in black edition.” The body of the message shows a hand holding a transparent iPhone, followed by an enticing offer to “check it out,” according to MacRumors.

Although there’s been much speculation about the next generation iPhone, Apple has not set a release date for it. In fact, Apple hasn’t even announced it yet, but that isn’t stopping this cleverly crafted Mac-themed scam from spreading.

So what are you checking out when you click the link to see the new iPhone 5?

You won’t receive any info about the smartphone, but you will enable a rigged Windows file to run malicious code on your computer. And you’ll also be taken to a phony Apple Web page that asks for your Apple ID and other sensitive information.

Apple announces new products, especially ones of this magnitude, in highly publicized press conferences. So if you receive an unsolicited email purporting to have information about the new iPhone 5, ignore it, DELETE IT WITHOUT EVEN READING IT.

story from: http://www.securitynewsdaily.com/cybercriminals-hoping-youll-bite-iphone-5-bait-0813/

This malware is quite well detected by many antivirus companies, but not all. It is a fairly standard Zapchast IRC trojan that will attempt to download lots of other crap & malware to your computer.

It also appears to try to  perform a DDOS flood attack against several other competing Mirc users and channels to block their channels, so no doubt will turn out to be connected to the typical fake AV scams and stealing your money

New Fast Flux Botnet for the Holidays: Could it be Storm Worm 3.0/Waledac 2.0?
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20101230
Those of us here at Shadowserver hope you’re having a wonderful holiday season and are ready to bring in the new year. We were trying to relax and enjoy relatively quiet times until we noticed a new spam campaign that recently started. At first it looked like your regular old holiday e-card scams that have been around for years.

However, upon closer inspection it looks like we could be dealing with the next generation of Storm Worm or Waledac. If you consider Waledac to be Storm Worm 2.0, this looks like it could be version 3.0 or at least Waledac 2.0. There are no real version numbers of course, but we don’t have anything else to call it yet. What’s it involve you ask?

CHARACTERISTICS OF NEW BOTNET

Well here’s the list of what we’ve seen so far:

* Large scale Spam campaigns sending out e-mails with links
* New malicious domains that are fast flux! (TTL of 0 and name servers that frequently update IPs)
* Links are to several hacked websites hosting HTML pages that refresh to new malicious domains
* Links are also directly to new malicious domains
* Malicious domains hosting links to fake flash player and refreshes to exploit pages
* Malware installs that begin beaching to several hosts over HTTP (what we dubbed HTTP2p with Waledac)
* Malware that’s been updated to look a bit more like legitimate than past variants
* A very buggy network that is not often available (upstream devices not available)
* Changing/Updated binaries

AVOID THESE E-CARD MESSAGES:

Let’s start with the Spam Campaign. We’ve seen a multitude of subject lines and bodies. Below you’ll find a list of subjects we’ve seen and an example e-mail message. These are coming from all over the Internet with spoofed sender addresses.

Greeting for you!
Greeting you with heartiest New Year wishes
Greetings to You
Happy New Year greetings e-card is waiting for you
Happy New Year greetings for you
Happy New Year greetings from your friend
Have a happy and colorful New Year!
l want to share Greeting with you
New Year 2011 greetings for you
You have a greeting card
You have a New Year Greeting!
You have received a greetings card
You’ve got a Happy New Year Greeting Card!

The advert on google looks like a search listing and it is only apparant that it is a sponsored listing or advert on close inspection

if you look at the screenshots of the 2 sites, you will see that there is very little difference between them and an unwary visitor can soon get infected

Don’t get caught out by it and get your passwords stolen. The downloads on the fake site are recognized by several antiviruses as a password stealer and downloads lots of other trojans and malware

the genuine site is on the left, the fake site on the right

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords