14 DAY TRIAL // It has been revealed that a file posing as a popular iPhone game, ("Penguin Panic") is circulating through spammed e-mails. Users should avoid what Sophos identified as “Troj/Agent-HNY,” being spread via e-mail as an attachment dubbed Penguin.Panic.zip.
According to researchers at Sophos, the file contains a Trojan, which, as ironic as it sounds, only takes its toll on Windows-running PCs. The file name and subject lines, however, were chosen in relation to Apple's iPhone due to the handset's growing popularity, eWeek points out. But, regardless of the means or the reasons, Sophos clearly states that the Trojan can potentially allow a hacker to take over a PC, once infected.
Reportedly, the Trojan has been identified by Sophos as Troj/Agent-HNY. The file is spread via e-mail as an attachment dubbed Penguin.Panic.zip after the popular "Penguin Panic" game for the iPhone. Containing subject lines such as “Virtual iPhone games!” and “Apple: The most popular game!”, the malicious package is targeting unsuspecting video game fans.
“It's your bog-standard malicious Trojan horse, designed to hand control of the compromised computer over to a third-party hacker,” said Graham Cluley, senior technology consultant at Sophos. “That hacker can then take over the compromised PC to download further malware, or launch spam campaigns, install spyware to steal your identity or launch a distributed denial-of-service attack. Because so many Trojan horses these days download additional code from the Internet, hackers can change the ultimate payload at anytime they wish–they just update the file which the Trojan tries to download.”
Cluley went on explaining that even non-iPhone owners may be lured into clicking on the Trojan: “Inside the zip is a Windows executable file, so any Windows user who opens the zip will think that it's a program that they can run,” Cluley said. “No doubt if they want to try out the game they will click on the icon. If they do happen to have an iPhone then they may think it is an installer to copy the game over to their mobile device”.
Sophos said this was the first time the security company had seen a piece of malware posing as an iPhone game. Since the iPhone started to take off, reports of issues ranging from actual malware to passcode bypass have increased in number, Sophos says.