Domain: paloaltonetworks.com
Stories and comments across the archive that link to paloaltonetworks.com.
Comments · 87
-
I beat you to it LONG ago Google... apk
IMITATION = the SINCEREST form of FLATTERY (like you stole my initials APK) & "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight"!
APK
P.S.=> For the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
Soon for MacOS too (I just got a NEW Mac-Mini to port it there too)... apk
-
I beat you to it LONG ago Google... apk
IMITATION = the SINCEREST form of FLATTERY (like you stole my initials APK) & "Sometimes, people deserve to have their FAITH REWARDED" per Lucius Fox in "The Dark Knight" - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy)
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight"!
P.S.=> For the best hosts file, multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
Soon for MacOS too (I just got a NEW Mac-Mini to port it there too)... apk
-
For the BEST hosts file, multiplatform... apk
For the BEST hosts file, multiplatform https://it.slashdot.org/commen...
* :)
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight"!
APK
P.S.=> "Batman has NO LIMITS" per the "Dark Knight" quote from Christian Bale in it... apk
-
Questions like what? apk
Questions like what? All you do is HIDE behind UNIDENTIFIABLE anon posts STALKING me & don't stand behind your crap + abuse 'downmodpoints' I easily nullify (via unlimited repost ability I have unlike MOST AC posters)...
& me? Well, ok:
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight"!
APK
P.S.=> Thanks for proving my point & why not APPLY YOURSELF constructively as I have https://it.slashdot.org/commen... & MAKE A WHEEL https://isc.sans.edu/forums/di... as I have that works vs. threats multiplatform INSTEAD of pulling the crap you do? Do you LACK the skills?? Learn them... apk
-
I can cite 120++ /.ers who use hosts... apk
I know 120++ /.ers using hosts & 100,000++ users of my ware for hosts file creation 4 more speed/security via https://it.slashdot.org/commen...
* :) (No offense intended but you MIGHT want to re-think that speaking in NEAR "absolutes"...)
& me? Well, ok:
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight"
APK
P.S.=> Hosts files come BY DEFAULT (in Windows) w/ 127.0.0.1 as loopback adapter address... apk
-
Take yours & your own poor advice... apk
See subject: Instead of "trolling" me? Make a wheel https://isc.sans.edu/forums/di... you waste of life...
* ... or, is it because you've WASTED so much of your God-given life & time that you don't have what it takes to do so? My money's on THAT regarding YOU & "your kind"...
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight" (like me & your CRAP's the SHIT I get? Please - Mr. Advertiser/webmaster (who IF your kind didn't track/infect/slow us I'd never have put out my program in the 1st place), INFERIOR competitor OR malware maker/botnet herder - I see RIGHT thru you & your "PETTY MOTIVATIONS"
APK
P.S.=> I can do it & it works https://it.slashdot.org/commen... - YOU? Obviously can't... apk
-
Thanks: Dozens of /.ers think so w/ ... apk
Thanks: Dozens of /.ers think so w/ 100k++ users worldwide & I did something that works (have you?) https://it.slashdot.org/commen...
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
"He didn't do anything wrong" - Jamie Gordon "The Dark Knight" (like me & your CRAP's the SHIT I get? Please - Mr. Advertiser/webmaster (who IF your kind didn't track/infect/slow us I'd never have put out my program in the 1st place), INFERIOR competitor OR malware maker/botnet herder - I see RIGHT thru you & your "PETTY MOTIVATIONS"... apk
* THINK ABOUT THAT & Make a wheel as I have per https://isc.sans.edu/forums/di...
APK
P.S.=> Only thing HOLDING YOU DOWN from doing the right thing as I have, is YOU - & ME? Hey - "I'm whatever Gotham NEEDS me to BE" per Batman in "the Dark Knight"... apk
-
Biggest spammer = Google (/. primary financier)
See subject: & you can TRY (whipslash failed for 2 yrs. straight) & "You'll hunt me. You'll condemn me. Set the dogs on me" Batman from "The Dark Knight" (& you'll FAIL)...
* "Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
(Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers disappear too (right from that scene in the film by analogy))
Host-domain use IS down & I can't HELP but think what I did helped that per https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
APK
P.S.=> "He didn't do anything wrong" - Jamie Gordon "The Dark Knight" (like me & your CRAP's the SHIT I get? Please - Mr. Advertiser/webmaster (who IF your kind didn't track/infect/slow us I'd never have put out my program in the 1st place), INFERIOR competitor OR malware maker/botnet herder - I see RIGHT thru you & your "PETTY MOTIVATIONS"... apk
-
Quote Batman to Lucius Fox... apk
"Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
* :) As I did seeing host-domain name use going DOWN in malware per https://unit42.paloaltonetwork...
Analogy per Batman in regards to what Lucius Fox saw @ the end of "The Dark Knight"!
(Get rid of the tracking which my ware does w/ knocking out malware sources of infestation).
Is it working? YES!
(MY FAITH IS REWARDED by my ACT OF FAITH's results)
APK
P.S.=> Any of you with talent/skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform - it's EXACTLY mostly for those who you speak of... apk
-
Why depend on others ONLY? apk
See subject: Want to do a layered-security/defense in depth right & resolve FASTER vs. remote DNS (most unpatched vs. the Kaminsky redirect poisoning flaw mind you), especially ISP dns?
Do it yourself via https://slashdot.org/comments....
"Sometimes, people deserve to have their FAITH REWARDED" per Batman in regards to what Lucius Fox saw @ the end of "The Dark Knight"!
(Get rid of the tracking which my ware does w/ knocking out malware sources of infestation).
Is it working? YES as attacks by malicious host-domain names in URL's = down & I noticed it recently as did these guys:
https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that ACT OF FAITH on my part)
APK
P.S.=> You w/ skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform & it works (for less, doing MORE vs. ANY single 'competitor' full of security issues (DNS/Antivirus) OR 'souled-out' to NOT work by default (adblock))... apk
-
Why depend on others ONLY? apk
See subject: Want to do a job right (layered-security/defense in depth right) & resolve FASTER vs. remote DNS (most unpatched vs. the Kaminsky redirect poisoning flaw mind you), especially ISP dns?
Do it yourself via https://slashdot.org/comments....
"Sometimes, people deserve to have their FAITH REWARDED" per Batman in regards to what Lucius Fox saw @ the end of "The Dark Knight"!
(Get rid of the tracking which my ware does w/ knocking out malware sources of infestation).
Is it working? YES as attacks by malicious host-domain names in URL's = down & I noticed it recently as did these guys:
https://unit42.paloaltonetwork...
(MY FAITH IS REWARDED by that - an ACT OF FAITH on my part)
APK
P.S.=> You w/ skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform & it works (for less, doing MORE vs. ANY single 'competitor' full of security issues (DNS/Antivirus) OR 'souled-out' to NOT work by default (adblock))... apk
-
Make a wheel Mr. FAKE NAME... apk
"U either die a hero or live long enough to see urself become a villain" ("your kind" try make it so) vs. https://it.slashdot.org/commen...
"Sometimes, people deserve to have their FAITH REWARDED" per Batman saying it in regards to what Lucius Fox saw @ the end of "The Dark Knight" too!
(Get rid of the tracking which my ware does also besides knocking out malware of most all types sources of infestation).
See subject: Any of you with talent/skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform & yes, it works (for less, doing MORE vs. ANY single 'competitor' full of security issues (DNS/Antivirus) OR 'souled-out' to NOT work by default in full (adblock).
APK
P.S.=> Is it working? MUST BE as attacks by malicious host-domain names in URL's has gone down & I noticed it too recently as did these guys:
https://unit42.paloaltonetwork...
(& thus, MY FAITH IS REWARDED by that evidence alone - believe me, making it & then putting up w/ CRAP I do from trolls too? It was truly an ACT OF FAITH on my part)... apk
-
Quote Batman to Lucius Fox... apk
"Sometimes, people deserve to have their FAITH REWARDED" per https://it.slashdot.org/commen...
* :) (Any of you with talent/skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform - it's EXACTLY mostly for those who you speak of...)
APK
P.S.=> Is it working? MUST BE as attacks by malicious host-domain names in URL's has gone down & I noticed it too recently as did these guys https://unit42.paloaltonetwork... (& thus, MY FAITH IS REWARDED by that evidence alone - believe me, making it & then putting up w/ CRAP I do from trolls too? It was truly an ACT OF FAITH on my part)... apk
-
Right now, as is? I can't help via hosts... apk
Per (& this is a WEIRD one): "The communications module is responsible for reaching out to hardcoded URLs to communicate with the C2 server, but like previous Disttrack samples, this communication module does not contain functional C2 domains to use in the URLs." - FROM https://unit42.paloaltonetwork...
* Assuming it's NOT using any OLDER ones from their previous articles on older versions of "Shamoon" - & I don't recall them so look for yourself IF you wish, they post links to old research I didn't check yet (complex article, as is).
(I'd have to say @ this point @ least, Mb & not send back anything to some 'controlling entity' imo - unlike most other botnets/malwares etc., this one's a "wee bit different" in THAT aspect hence my statement now... & IT HAS TO COME FROM SOMEWHERE, so if NOT ONLINE, perhaps USB sticks & LOCAL people in said organizations that were attacked...)
APK
P.S.=> That quote - THAT'S ODD - no domain/hostnames for C&C or unless I missed it, no IP addresses even (correct me IF I am off/wrong & missed these - no coffee yet today)... apk
-
I told you already: OFTEN AS YOU LIKE! apk
See subject & my sources my program gets do it @ diff. intervals ALL AROUND THE CLOCK & I go 'above & beyond it' personally - how?
SECURITY SITES I WILL LIST FOR YOU (these are excellent finding all kinds of exploiters & malicious sites/servers galore for ALL types of threats):
http://blog.talosintelligence....
https://www.welivesecurity.com...
https://blog.malwarebytes.com/
https://researchcenter.paloalt...
https://www.bleepingcomputer.c...
https://securityintelligence.c...
https://www.cyren.com/blog
http://garwarner.blogspot.com/
http://www.malwaretech.com/
https://securelist.com/all/?ca...
https://www.fireeye.com/blog/t...
https://www.secureworks.com/re...
https://research.checkpoint.co...
http://blog.trendmicro.com/tre...
https://www.proofpoint.com/us/...
https://blog.comodo.com/catego...
That's 25 sources in total from the security community that UPDATES all the time around the clock - my program makes easy work of consolidating all that data is all! It works (see testimonials I posted in my other replies to you from /. peers).
APK
P.S.=> ... & YOU, personally, have FULL CONTROL OF THE DATA (try that w/ addons OR a REMOTE DNS - good luck on the latter & the former? You'd best know regular expressions)... apk
-
Ok, vs. CryptoWall this protects you then
* Putting those in your custom hosts file stops this thing cold... & I never said "hosts cure all" (but they do a LOT MORE for a LOT less...)
APK
P.S.=> Courtesy/Credits to http://researchcenter.paloalto... AND https://www.proofpoint.com/us/... ... apk
-
Re:So select a different voice
Wow, funny, I didn't have to look far to even expose what you said as incorrect:
http://www.computerworld.com/a...
-Comes from the official app store
-Does not require a jailbroken phone
-Enterprise certificates are not security, it only costs $299 to get one, or just steal one to abuse
Another
http://www.macrumors.com/2015/...
-came in through the official app store
-phished user credentials
-doesn't require jailbroken phones
-used the developer's own cert, so no cert required
http://researchcenter.paloalto...
Another
Now, show me examples of Android malware available on the official app store, that doesn't require developer mode being enabled (like jailbreaking for android, but built in), and isn't a parental control app (which I would exclude as well...we aren't talking about apps designed to be used by the user this way).
-
Blocking hosts file entries vs. CryptXXX
* Putting those in your custom hosts file stops this thing cold...
APK
P.S.=> Courtesy/Credits to http://researchcenter.paloalto... AND https://www.proofpoint.com/us/... ... apk
-
Time Machine safe, for now
From the technical analysis section of the research document
In addition to this behavior, it seems like KeRanger is still under development. There are some apparent functions named “_create_tcp_socket”, “_execute_cmd” and “_encrypt_timemachine”. Some of them have been finished but are not used in current samples. Our analysis suggests the attacker may be trying to develop backdoor functionality and encrypt Time Machine backup files as well. If these backup files are encrypted, victims would not be able to recover their damaged files using Time Machine.
So it would appear that Time Machine's current design keeps its data safe -- for now -- from having one's online backups encrypted. As others have pointed out, that's not likely to last and offline backups are a *very* good idea.
-
Plus ça change....
The actual article is here:
-
Re:To the editors...
Forbes has chosen to speed their journey into irrelevance with their policies. Don't force Slashdot to follow them down that hole by becoming dependent upon their content.
I would make a sincere request that the editors stop accepting any articles from Forbes, period.
https://www.techdirt.com/artic...
http://www.extremetech.com/int...
http://www.networkworld.com/ar...
http://www.networkworld.com/ar...
One of these sweet bits of kit was the angler exploit kit.
http://researchcenter.paloalto...
Just imagine, 90,000 plus websites out there, just waiting for me to disable my adblocker in order to get some of their yummy ransomware.
Anyhow, take this in the spirit it's given, in case the editors didn't know what Forbes stands for these days. Forced malware.
-
Easy to block in hosts & firewalls... apk
For custom hosts files entries blocked:
0.0.0.0 190-244-169-193.deltahost.com.ua
0.0.0.0 deltahost.com.ua
0.0.0.0 com.ua
0.0.0.0 azureon-line.com
0.0.0.0 mozilla-plugins.com
& for firewalls entries blocked:
198.105.125.74
193.169.244.190
111.90.148.148
* DONE - using what you ALREADY NATIVELY HAVE that does the job to NULLIFY this thing!
DATASOURCE -> http://researchcenter.paloalto...
(... & thus, even IF you were infected by it, it can't "talk back to mama" for orders or anything else (like data transferrals))
APK
P.S.=> Of course, lastly "shameless plug": For the BEST possible custom hosts file for more speed, security, reliability, & anonymity online?
APK Hosts File Engine 9.0++ SR-4 32/64-bit: http://www.start64.com/index.p...
Does more with what you already NATIVELY have & for less resources or power consumption than ANY other SINGLE "so-called 'solution'" out there vs. modern threats, bar-none... apk
-
Re:Ridiculous
-
Re: Not really a flaw...
In short, to install this malware - 1) You need to install the mobile provisioning certificate - a web page cannot do it, as the user must tap "OK" to actually install it. A user can list and view such provisioning certificates at will. They self-expire after a year.
It's even harder to accidentally install enterprise certificates in iOS 9.
http://researchcenter.paloalto...
"(As noted above, the new iOS 9 requires users to manually set related provisioning profile as trusted in Settings before they can install Enterprise provisioned apps. This new feature is also helpful for preventing some security incidents caused by abusing enterprise certificates.)"
Any device that is compatible with iOS 8 is also compatible with iOS 9.
-
Re: Actually, the opposite
That Palo Alto article has been updated; it now includes:
UPDATE September 21: In the current version of the code, XcodeGhost cannot be directly used to phish iCloud passwords.
-
Re: Actually, the opposite
First, I'm not "some poster" and two, I'm suggesting you read the updated article that says phishing is not possible with XcodeGhost.
-
Re: Actually, the opposite
Because you can verify that it's the same code by simply looking at the disassembly in the Palo Alto Networks articles?
The author of said article confirmed it was the same source code and updated his post after I pointed out the discrepancy.
-
Re:Bring-on the Apple haters
>> if security and privacy are a concern, maybe iPhone isn't really such a bad option
Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma...
Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.
WireLurker looks to be pretty nasty, that's for sure. But it's also only on a GreyWare "App Store", NOT available through legit channels.
And MASQUE-D is such a threat (NOT!) that I had to try two different search terms to even FIND a reference on Google. Plus, it again is a Trojan, that has to entice the user to install it from a non-legitimate "App" site.
And as far as JailBreaking your iOS device, you get what you deserve, period.
So, thanks for proving the point that the "Walled Garden" actually WORKS. If you want to spend the extra effort to step outside into the Methane-Gas atmosphere, then don't complain when you start choking...
Next!
-
Technical Report from Unit42 on the Malware
There is a PDF report on the main website for Unit42 about the malware, but it has a fairly invasive registration process. Signed up with bs info and uploaded to public google drive for everyone.
Link to the researchers website for those cautious about the gdocs link
Straight Link to the report (requires registration)
Have not read the technical details yet, but it looks fairly comprehensive.
-
Re:Now
"RTFA, please. This didn’t require jailbreaking to infect the phone." Non-jailbroken phones were never 'infected.' WireLurker simply loaded a harmless comic book app on non-jailbroken devices. Since WireLurker didn't jailbreak your device, it was limited to the iOS sandbox. This wasn't even malware for non-jailbreak devices. The user was prompted to install an enterprise app, and had the ability to allow/deny. The app itself was harmless. The only malware was for jailbroken devices.
According to the original source you are incorrect in insisting on non-jailbroken devices not being infected:
"Unit 42 has recently discovered a new family of Apple OSX and iOS malware, aptly named “WireLurker”. Characteristics of this malware family, including its ability to infect even non-jailbroken iOS devices through trojanized and repackaged OS X applications"
-- Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
-- It is only the second known malware family that attacks iOS devices through OS X via USB
-- It is the first malware to automate generation of malicious iOS applications, through binary file replacement
-- It is the first known malware that can infect installed iOS applications similar to a traditional virus
-- It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning
-
Re:This is why...
Some people do this in hardware now with no performance impact (DPI is traditionally very processor intensive). They don't look at things in terms of TCP anymore, but by application. You can block, say, Facebook and Twitter but allow RTMPT (Flash video streaming over HTTP). And you can easily block any traffic on port 80 that you don't recognize as HTTP. This exists because people used to do protocol tunneling to circumvent traditional firewalls (HTTP in DNS over UDP for example). Modern DPI devices are designed to detect those creative methods with no performance (and therefore delay) impact.
You do need a lot of hardware, but not as much as 3 years ago. And when you have a government-sized budget for this, nothing is impossible.
I hate mentioning only Palo Alto, but to my knowledge (I'm a network test equipment vendor employee - I test the performance of these devices for a living) they are the only ones to do that in hardware. Checkpoint does the exact same thing but as far as I know it's not done in hardware - they do claim it has no performance impact but I haven't had a chance to test this myself.
Gartner published a report (here hosted by PA, reg. unfortunately required) that goes over all these challenges. I'm fairly sure somebody in Iran read this report and implemented it.
-
Re:This is why...
Some people do this in hardware now with no performance impact (DPI is traditionally very processor intensive). They don't look at things in term of TCP anymore, but by application. You can block, say, Facebook and Twitter but allow RMTPT (Flash video streaming over HTTP). And you can easily block any traffic on port 80 that you don't recognize as HTTP. This exists because people used to do protocol tunneling to circumvent traditional firewalls (HTTP in DNS over UDP for example). Modern DPI devices are designed to detect those creative methods with no performance (and therefore delay) impact.
You do need a lot of hardware, but not as much as 3 years ago. And when you have a government-sized budget for this, nothing is impossible.
I hate mentioning only Palo Alto, but in my knowledge (I'm a network test equipment vendor employee - I test the performance of these devices for a living) they are the only ones to do that in hardware. Checkpoint does the exact same thing but as far as I know it's not done in hardware - they do claim it has no performance impact but I haven't had a chance to test this myself.
Gartner published a report (here hosted by PA, reg. unfortunately required) that goes over all these challenges. I'm fairly sure somebody in Iran read this report and implemented it.
-
Re:What's next for firewall management?
-
Re:Yep! That's why the future is in smarter device
This is the future of firewalls. It's expensive now because it's new. But soon, you'll be able to do this on your SOHO (or SMB) firewalls: http://www.paloaltonetworks.com/