Backdoor malware targets iPad
Bogus email encourages users to upgrade iTunes with link, then malware accesses iPad. Windows PC only at this time.
http://www.crn.com.au/News/173074,ba...pple-ipad.aspx
On another issue about iPad security:
Safari is still rather vulnerable to exploits and Apple is slow to fix them. Safari is the iPad´s main browser, take great care surfing the dark corners of the internet with the device. The reason I say this is because there is virtually little other browser choices (only Opera Mini) and no ability to install security or network monitoring software on the device.
Note to Mac OS X users:
Dark net/pr0n surfing using another OS like Ubuntu Linux under a virtual machine software (under OS X) gives one the ability to dump the entire OS and revert to a first saved/installed version in case of a exploit. I would advise Mac users to install a outgoing firewall software like Little Snitch in OS X and activating itś network activity monitor. This way one can monitor the virtual machine (or anything else) softwareś outgoing connections. Also to always run as General User, not Admin User. (create new Admin, log in, switch original Admin to General User mode, log in)
Apple does not provide a outgoing firewire in OS X and doesn´t provide such security software on the iPad.
The Firefox browser vulnerabilities are fixed a lot faster than Safari´s and the various plug-ins like NoScript, AdBlock and RequestPolicy provide superior additional protection from avenues of exploitation while surfing the dark net.
Never click on a link to upgrade Flash, Quicktime, iTunes or anything else on questionable sites, instead relaunch your browser and visit the Adobe site yourself using Google search or a known bookmark to Adobe for Flash or Software Update for Quicktime/iTunes. Once you give your Admin password, it´s too late!
Quote:
Attacks disguised as iTunes updates.
Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device.
Sabina Datcu, technology writer for anti-virus firm BitDefender, wrote in a blog post today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.
"A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," Datcu said.
"Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."
The Backdoor.Bifrose.AADY malware opens up a backdoor which could let the perpetrator gain unauthorised access to the device, warned Datcu.
It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.
Mac users are unaffected by the malware, according to Datcu.
Attacks disguised as iTunes updates.
Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device.
Sabina Datcu, technology writer for anti-virus firm BitDefender, wrote in a blog post today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.
"A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," Datcu said.
"Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."
The Backdoor.Bifrose.AADY malware opens up a backdoor which could let the perpetrator gain unauthorised access to the device, warned Datcu.
It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.
Mac users are unaffected by the malware, according to Datcu.
http://www.crn.com.au/News/173074,ba...pple-ipad.aspx
On another issue about iPad security:
Safari is still rather vulnerable to exploits and Apple is slow to fix them. Safari is the iPad´s main browser, take great care surfing the dark corners of the internet with the device. The reason I say this is because there is virtually little other browser choices (only Opera Mini) and no ability to install security or network monitoring software on the device.
Note to Mac OS X users:
Dark net/pr0n surfing using another OS like Ubuntu Linux under a virtual machine software (under OS X) gives one the ability to dump the entire OS and revert to a first saved/installed version in case of a exploit. I would advise Mac users to install a outgoing firewall software like Little Snitch in OS X and activating itś network activity monitor. This way one can monitor the virtual machine (or anything else) softwareś outgoing connections. Also to always run as General User, not Admin User. (create new Admin, log in, switch original Admin to General User mode, log in)
Apple does not provide a outgoing firewire in OS X and doesn´t provide such security software on the iPad.
The Firefox browser vulnerabilities are fixed a lot faster than Safari´s and the various plug-ins like NoScript, AdBlock and RequestPolicy provide superior additional protection from avenues of exploitation while surfing the dark net.
Never click on a link to upgrade Flash, Quicktime, iTunes or anything else on questionable sites, instead relaunch your browser and visit the Adobe site yourself using Google search or a known bookmark to Adobe for Flash or Software Update for Quicktime/iTunes. Once you give your Admin password, it´s too late!
Comments
Mac users are unaffected by the malware, according to Datcu.
Oh dear, those poor Windows users.
The iPad isn't targeted at all and in fact is not even involved. In fact this a Trojan Horse targeted at Windows users.
Like most Trojans, the end users stupidity/ignorance/greed becomes their downfall.
Bogus email encourages users to upgrade iTunes with link, then malware accesses iPad.
No. Malware doesn't access iPad. Nor is this anything to do with Safari.
This malware accesses idiots. If you are going to keep spamming us with links to "negative" Apple news can't you at least make the effort to understand them?
Apple's facilities for upgrading iTunes or other Apple software is through Software Update.
Like most Trojans, the end users stupidity/ignorance/greed becomes their downfall.
Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.
The only potential issue for Mac users is bogus links to upgrade Flash or some other browser plug-in.
I wonder if the issues with the insecurities of Safari and Flash have to do with so many people not knowing they have to update Flash themselves through Adobe? Thus they run older and more vulnerable versions of Flash, thus more exploits with the browser most used on Mac´s?
Did Apple create a problem by not including Flash upgrades in the Software Update?
Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.
Apple Software Update exists on Windows too. That's how you update iTunes and Safari on Windows.
Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.
The only potential issue for Mac users is bogus links to upgrade Flash or some other browser plug-in.
I wonder if the issues with the insecurities of Safari and Flash have to do with so many people not knowing they have to update Flash themselves through Adobe? Thus they run older and more vulnerable versions of Flash, thus more exploits with the browser most used on Mac´s?
Did Apple create a problem by not including Flash upgrades in the Software Update?
No Flash has been one of the issues with security in the recent past. I'm not sure that major steps forward in security will happen until there are some major revamping of Flash code and Webkit for that matter. Though that's just a guess I've got nothing to back it up.
No. Malware doesn't access iPad. Nor is this anything to do with Safari.
This malware accesses idiots. If you are going to keep spamming us with links to "negative" Apple news can't you at least make the effort to understand them?
Just so we know, this thread was apparently posted in response to my challenge to his implication in another thread (and repeated here) that the iPad has security issues. Since there's not a scintilla of evidence for such a thing, instead we get this completely phony argument which is either utterly ignorant or deliberately misleading.
FUD.
Just so we know, this thread was apparently posted in response to my challenge to his implication in another thread (and repeated here) that the iPad has security issues.
Thanks Dr. I don't think that Spot needs any excuse for this kind of BS.
With nearly 300 posts in his first month he seems to be following the pattern of the other irritants, now banned.
No Flash has been one of the issues with security in the recent past. I'm not sure that major steps forward in security will happen until there are some major revamping of Flash code and Webkit for that matter. Though that's just a guess I've got nothing to back it up.
Flash has issues, but I think Apple could have been decent enough to include Flash in Software Updates as not to make the problem worse than it is.
Mac users trust Software Update, itś automatic and all.
Apple Software Update exists on Windows too. That's how you update iTunes and Safari on Windows.
Good point. So there must be some other factor.