Many companies likely affected by compromise of popular iOS developer forum

iPhoneDevSDK administrators confirm that the site was compromised and hosted a zero-day exploit in January

By Lucian Constantin, IDG News Service |  Security

This type of attack that involves infecting a website frequently visited by a targeted group of people -- for instance, employees of companies in a certain industry, political and human rights activists supporting a certain cause -- is referred to in the security community as a "watering hole" attack, because the method resembles the hunting habits of predatory animals who wait near pools of water for prey to come and drink.

Sefferman described iPhoneDevSDK as "the most widely read dedicated iOS developer forum." The site does not publicly list the exact number of registered users, but it has sub-forums dedicated to certain topics that have tens or hundreds of thousands of replies.

Sullivan believes that, given the popularity of iPhoneDevSDK, many other companies were probably affected by this attack as well, but have yet to come forward or even discover the malware on their employees' systems.

Companies who develop iOS apps should probably ask their employees if they visited iPhoneDevSDK in recent months and should analyze their work computers for malware.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness