iPad Users Targeted by Backdoor Disguised as iTunes Update

26 April 2010
An e-mail invitation to an iTunes update gets iPad users’ PCs into backdoor trouble.

Success stories are cybercriminals’ go-to sources of victims, and the iPad craze couldn’t have been left out of this picture. According to some reports, Apple sold 150,000 iPads in the first 60 hours of presale availability, with almost 100,000 of these coveted devices being pre-ordered in the first 10 hours. The figures make it clear as daylight why malware creators were so keen on crashing this promising party.

The invitation to the “contagious fiesta” comes via e-mail: an unsolicited message instructs iPad users to download the latest version of the iTunes software to their PCs as a preliminary step to an update of their iPad software.

Fig. 1 The fake iPad software update announcement

To carry conviction, the e-mail emphasizes that users should keep their iPad software updated “for best performance, newer features and security”.

It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the Internet. A direct link to the download location is conveniently provided. As a proof of cybercrime finesse, the webpage the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems.

Fig. 2 The download that will turn the update into a nightmare

Identified by BitDefender as Backdoor.Bifrose.AADY, the piece of malicious code inadvertently downloaded injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.

Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.

It is important to say that Mac users remain unaffected by this piece of malware.

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.

Comments:

Nunuvyer Bizniz said on Apr-26-2010 16:42

"It is important to say that Mac users remain unaffected by this piece of malware."

Of course, because Windows is the problem. This really has nothing to do with iPad.

zerosomething said on Apr-27-2010 13:29

This is a Windows attack, not an iPad attack. The user must install software on a Windows system; from there they have access to the system. I seriously doubt this installs anything on the iPad or affects the iPad in any way.

Sabina Datcu said on Apr-28-2010 12:40

Exactly. If the malware creators were able to target Mac customers, it would have spread a lot, but because most antivirus companies detect this piece of malware, it’s aimed at Windows users who have bought an iPad and who also don’t run a security product.

Melvin Scotts said on May-2-2010 13:38

It is not hard to make malware for the Mac, you know.
So saying Windows is the problem is a moot point nowadays since Macs can get viruses now.
The makers of this virus can make it work for a Mac if they wanted to, just a matter of time.
