Security experts believe a sophisticated attack responsible for infiltrating computers at Twitter, Facebook and Apple wasn't isolated to just those companies. According to a report by ComputerWorld, the attack -- which exploited a previously unknown Java vulnerability -- gave hackers unfettered access to infected systems, allowing them to establish reverse command shells, transfer malicious payloads and execute commands on unsuspecting systems.
Interestingly, the malware's emerging details sound eerily similar to a Mac trojan we recently wrote about named "Pintsized". The presence of reverse shells, Perl scripts and connections established to servers with domain names similar to "Apple Corp" are precisely what Pintsized does.
The reason security researchers posit a broader pool of victims than just Facebook, Twitter and Apple is the source: iPhoneDevSDK, a well-traveled iOS developer forum. According to an iPhoneDevSDK administrator, hackers gained access to the site and inserted malicious code. Consequently, the unassuming site unwittingly hosted a zero-day Java exploit, potentially infecting countless visitors.
An iPhoneDevSDK administrator said they discovered the security snafu through Internet news reports. After determining it was victimized, iPhoneDevSDK contacted Facebook and its host, Vanilla, to ensure it wasn't a host-wide problem.
Credited for recognizing iPhoneDevSDK's role as a virus launchpad, F-Secure security analyst Sean Sullivan tweeted that iPhoneDevSDK has about 200,000 registered users and wasn't the "only watering hole" -- suggesting other sites may have also been responsible for spreading the malware.
It's unclear how long the attack had been running, but it appears hackers removed their exploit around January 30. The zero-day flaw was subsequently patched via a critical Java update issued on February 1. Java is a common attack vector for malware authors.