Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS Developer Site At Core of Facebook, Apple Watering Hole Attack

Posted by Soulskill on from the web-of-trust dept.

msm1267 writes "The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers' forum called iphonedevsdk which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond the big three. It's not clear whether the site remains infected, but researcher Eric Romang dug into the situation and determined that the site was hosting malicious JavaScript that was redirecting visitors to another site, min.liveanalytics. That site had been hosting malware as of Jan. 15."

6 of 88 comments (clear)

  1. malware by Mr.123 · · Score: 5, Interesting

    The site in question has been hosting malware on and off for over a year now. They were flagged at least half a dozen times by google over the past year for hosting malware. The site then went down for weeks while overhauling the entire forum software and then bam, this happens. Unfortunately some very good discussions happen on the site and I just can't quit using it.

  2. Re:Okay.... this is a new one. by ThisIsSaei · · Score: 5, Informative

    It's where you target a page used by multiple targets. Here a mobile developers forum was hit, that forum was not the real target but the people who use it frquently were. "Poisoning the watering hole" if you will.

  3. Re:without clicking on the link by houstonbofh · · Score: 5, Funny

    If you block *.com you should get a lot of it.

  4. Re:Okay.... this is a new one. by Anonymous Coward · · Score: 5, Funny

    What the heck is a "watering hole attack"?

    It's where troopers metaphorically attack a swagman by a billabong (the 'watering hole') causing him to leap to his death and subsequently haunt the area. I won't go into detail on how this applies in relation to computer security, but I'm sure you get the gist of it.

  5. Re:Okay.... this is a new one. by rb12345 · · Score: 5, Informative

    Traditionally, you had "spear phishing" attacks which had attackers sending malware or phishing emails directly to their targets. This is relatively easy to spot and filter. The "watering hole" attacks work by compromising a trusted third-party site used by the targets. For example, if your attacker know you read Slashdot or use some specialised forum site, they could attempt to compromise those sites and use them to host exploits as part of the normal pages (infected banner ads or modified page content).

  6. Re:Mac Users Do a Software Update by _xeno_ · · Score: 5, Informative

    The fix to patch the vulnerability and remove the malware if it's there is available today.

    The keyword there is "today." The actual Java patch was available earlier, it's just Apple only bothered patching their version of Java until - well, after they got bitten by the vulnerability, apparently. Apple had been content to just say "applets are no longer supported" and leave it at that.

    --
    You are in a maze of twisty little relative jumps, all alike.