When we first heard about the hacks on Facebook, Apple, Twitter, and Microsoft, which seemed to be connected, it looked like an infected website had downloaded malicious software onto employee computers when they accessed the site. But now it seems there was more than one infected website that targeted specific visitors.
According to The Security Ledger, which spoke with Facebook chief security officer Joe Sullivan, there were three different websites that infected his employees’ Mac machines. We know about iPhoneDevSDK, the iPhone development website that was serving malware to visitors, but there were two other unnamed websites, including one that provided information about Android development.
Sullivan also said that Facebook was able to see a number of other companies infected by the same attack, though he did not name any of them. He did say, however, that the attack was not focused on the tech sector, as you might assume after Twitter, Apple, and Microsoft all reported similar attacks. Instead, it seems that the attack spanned a number of industries.
The owner behind iPhoneDevSDK explained that he believes the malware writers were able to see what kinds of visitors were coming to the site and target specific people. For example, he wasn’t infected by visiting his own site, but those at Facebook were.
The malware dropped on the Mac computers is believed to be a trojan called Pintsized.A, which jumps into the system and encrypts its communications with the command and control server to make it very difficult to detect.