2 min read

iPad Users Targeted by Backdoor Dissembled as iTunes Update

Sabina DATCU

April 26, 2010

Promo Protect all your devices, without slowing them down.
Free 30-day trial
iPad Users Targeted by Backdoor Dissembled as iTunes Update

Success stories are cybercriminals’ go to sources of  victims and the iPad craze couldn’t have been left out of this picture.  According to some reports, Apple sold 150.000 iPads in the first 60 hours of presale availability, with almost 100.000 of these coveted devices being pre-ordered in the first 10 hours. The figures make it clear as daylight why malware creators were so keen on crashing this promising party.

The invitation to the “contagious fiesta” comes via the e-mail: an unsolicited message instructs iPad users to download on their PCs the latest version of the iTunes software as a preliminary step to an update of their iPad software.

iPad Spam

Fig. 1 The fake iPad software update announcement

To carry conviction, the e-mail emphasizes that  users should keep their iPad software updated “for best performance, newer features and security”.

It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the Internet. A direct link to the download location is conveniently provided. As a proof of cybercrime finesse, the webpage the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data as instead of the promised iTunes update they get malware on their systems.

phishing apple itunes download

Fig. 2 The download  that will turn the update into a nightmare

Identified by BitDefender as Backdoor.Bifrose.AADY,the piece of malicious code inadvertently downloaded injects itself in to the explorer.exe processand opens up a backdoor that allows unauthorized access to and control over the affected system.

Moreover, Backdoor.Bifrose.AADYattempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.

It is important to say that Mac users remain unaffected by this piece of malware.

tags


Author


Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures.

View all posts

You might also like

Bookmarks


loader