Join Early Retirement Today
Thread Tools Search this Thread Display Modes
An Apple worm?
Old 11-06-2014, 09:34 AM   #1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 39,206
An Apple worm?

Yikes! Is nothing sacred any more?

A new, ugly malware threat could be lurking for millions of Apple Inc. customers.

The new family of malware, dubbed WireLurker, has been discovered by Palo Alto Networks Inc. which said it shows “characteristics unseen in any previously documented threats targeting Apple platforms.”
800 million Apple devices threatened by WireLurker malware

Numbers is hard.

Retired in 2005 at age 58, no pension

REWahoo is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 11-06-2014, 10:06 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 5,180
Before all the Apple users panic and head for the hills in sheer terror, wait a bit. See what really knowledgeable people like Steve Gibson have to say in a few weeks after they have thoroughly looked into it.

The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 11-06-2014, 10:27 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
NW-Bound's Avatar
Join Date: Jul 2008
Posts: 15,933
In a nutshell, this worm "crawls" from an infected Apple computer to an iPhone when the two are connected via USB.

As I have an old iPhone but no Apple computer, this does not affect me.

Oh wait! My iPhone is not even turned on most of the time. I am completely safe.
"Old age is the most unexpected of all things that can happen to a man" -- Leo Tolstoy
NW-Bound is offline   Reply With Quote
Old 11-06-2014, 11:28 AM   #4
Join Date: Oct 2007
Posts: 4,929
Be careful about buying or downloading Macintosh applications from the Maiyadi App Store, a third-party Mac application store in China.

Apple has added a signature to the download inspector, Gatekeeper to recognize the 'iWorm/WireLurker' installer hidden in these apps and block it from running.

If you see an alert like this, Gatekeeper has spotted Something Bad that you really shouldn't try to run:

If you have previously installed applications from the Maiyadi App Store, your system may be affected.

The most obvious symptom will be the appearance of strange apps on your iOS device that you have not purchased.

More details are available in the PaloAltoNetworks report on WireLurker:
M Paquette is offline   Reply With Quote
Old 11-06-2014, 01:02 PM   #5
Thinks s/he gets paid by the post
Join Date: Mar 2010
Posts: 1,595
Thanks for the heads up! This is why I stay away from Apps (games, etc) as much as possible.
sheehs1 is offline   Reply With Quote
Update: WIreLurker C&C network shut down
Old 11-06-2014, 03:37 PM   #6
Join Date: Oct 2007
Posts: 4,929
Update: WIreLurker C&C network shut down

The WireLurker command and control infrastructure has been shut down, and the Apple digital certificate that was used to sign the code has been revoked, removing the ability to infect non-jailbroken iOS devices.
M Paquette is offline   Reply With Quote
Old 11-06-2014, 07:32 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
HFWR's Avatar
Join Date: May 2005
Location: Lawn chair in Texas
Posts: 12,556
Cue CFB...

Sent from my iPad using Early Retirement Forum
Have Funds, Will Retire

...not doing anything of true substance...
HFWR is offline   Reply With Quote
Old 11-23-2014, 09:28 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 16,454
Reviving this, as I wanted to check my notes before commenting, and I just found them:

DD recently told me she was having problems with her MacBook Pro, her browsers had underlines for all the text which linked to ads, and ads would pop up and open new windows, and take over her home page. Not good.

She said it seemed to happen after she downloaded some Adobe software she needed for a school project - but.... she didn't remember where she downloaded it from. So I suspect that was a scam site, and told her always go directly to the source (Adobe in this case), and download it from their site.

So some googling, and I find references to "Trovi adware".

How to remove Trovi adware from Mac

It basically involved resetting the browser and doing a bunch of searches to find and remove files with some of the names they list. Fixed it.


ERD50 is offline   Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
The oil worm turns on Hugo Chavez REWahoo Other topics 15 01-17-2009 06:48 PM
Storm Worm~ Virus mickeyd Other topics 4 01-23-2007 12:29 PM


All times are GMT -6. The time now is 02:24 AM.
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.