订阅

多平台阅读

微信订阅

杂志

申请纸刊赠阅

订阅每日电邮

移动应用

专栏 - 苹果2_0

中国数十万苹果设备或已染病毒

Philip Elmer-DeWitt 2014年11月11日

苹果(Apple)公司内部流传着一个老笑话,那就是史蒂夫·乔布斯周围是一片“现实扭曲力场”:你离他太近的话,就会相信他所说的话。苹果的数百万用户中已经有不少成了该公司的“信徒”,而很多苹果投资者也赚得盆满钵满。不过,Elmer-DeWitt认为,在报道苹果公司时有点怀疑精神不是坏事。听他的应该没错。要知道,他自从1982年就开始报道苹果、观察史蒂夫·乔布斯经营该公司。
一种新的针对苹果设备的恶意软件WireLurker在中国悄然传播,遭到感染的Mac和iOS设备可能多达数十万部。

    相对安卓(Android)手机和Windows电脑而言,苹果的产品不太容易受到恶意软件的侵袭,这让本次WireLurker事件关注度颇高。

    据位于加州的企业防火墙公司帕洛阿尔托网络(Palo Alto Networks)称,在过去六个月中,一种新的恶意软件悄然侵入了装有OS X和iOS系统的设备,这种软件会搜集信息,并筹备某些未明攻击。

    发现这种软件的研究人员将其称作WireLurker(意为“数据线潜伏者”),因为它可以通过电脑数据线感染甚至是原装非越狱的iPhone和iPad。

    目前在中国境外,尚没有WireLurker感染苹果(Apple)设备的报道。苹果公司表示,已经采取措施阻止该病毒感染苹果设备。

    苹果发言人对《财富》(Fortune)表示:“我们正密切关注这种恶意软件,它来自于某个面向中国用户的下载站。我们确认并阻止了它的运行。如往常一样,我们建议用户从可靠来源下载和安装软件。”

    有人找到了攻击苹果设备的方法,这对于一直以来宣称自身能够保护用户隐私和安全的苹果而言,实在是件麻烦事。攻破苹果的防御体系并不轻松,它还需要中国数十万部越狱的iOS设备作为启动基础。

    帕洛阿尔托网络公司第42单元的研究人员通过WireLurker追踪到了中国一家名为“麦芽地(Maiyadi)”的第三方Mac应用商店。根据公司周三发布的白皮书显示,那里流出了467个受到感染的应用,这些应用总共被下载了超过356,104次。也就是说,可能有数十万用户已经受到恶意软件的影响。

    用户需要更改Mac电脑上的安全设置,并忽略自动弹出的好几次警告,才能成功下载带病毒的应用。

    应用一旦安装成功,就会按照设定好的指令,感染多个移动设备。

    以下是帕洛阿尔托网络公司发布的新闻稿:

    “如果一台OS X电脑感染了WireLurker病毒,任何通过USB数据线与该电脑连接的iOS设备,无论是否越狱,都会被监控并自动安装下载好的第三方应用或自动生成的恶意应用。这就是为何我们叫它WireLurker(数据线潜伏者)。”

    “WireLurker可以窃取受感染的移动设备上的多种信息,还能定期向黑客的指挥和控制服务器发送升级请求。黑客正在积极地开发这个恶意软件,其目的尚不明确。”

    Compared with Android phones or Windows PCs, Apple’s products are relatively impervious to malware, which is what makes WireLurker so interesting.

    According to Palo Alto Networks, a California company that sells firewalls to businesses, a new family of malware has been quietly infiltrating OS X and iOS devices for the past six months, gathering information and preparing for some kind of unspecified attack.

    The researchers who discovered the plot called it WireLurker because it can infect even pristine, non-jailbroken iPhones and iPads through computer cables.

    There are no reports of WireLurker infecting Apple devices outside China, and Apple says it has taken steps to prevent that from happening.

    “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” anspokesperson told Fortune. “As always, we recommend that users download and install software from trusted sources.”

    The fact that someone found a way to do it has to be troubling news for Apple, which markets itself as the company that protects its users’ privacy and keeps them safe.

    Getting through Apple’s defense systems wasn’t easy, and it required the breeding ground of hundreds of millions of jailbroken Chinese iOS devices to get started.

    Researchers at Palo Alto Network’s PANW 3.50% Unit 42 traced WireLurker to a third-party Mac application store in China called Maiyadi App Store. There it “trojanized” 467 OS X applications, according to a white paper published Wednesday, and those apps were downloaded more than 356,104 times. In all, hundreds of thousands of users may have been affected.

    To download the infected apps, users would have had to change the security settings on their Macs and ignore several pop-up warnings.

    But once installed, the apps could make the leap to devices that followed all the rules.

    From Palo Alto Network’s press release:

    WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it ‘wire lurker’…

    “WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”

1 2 下一页

我来点评

  最新文章

最新文章:

中国煤业大迁徙

500强情报中心

财富专栏