Apple iPad targeted with malicious email promising iTunes upgrade, as Adobe confirms that it will work with other devices for Flash development

News by Dan Raywood

A malicious email that promises performance, features and security improvements has been detected as targeting the Apple iPad.

A malicious email that promises performance, features and security improvements has been detected as targeting the Apple iPad.

Identified by BitDefender as Backdoor.Bifrose.AADY, it instructs iPad users to download the latest version of iTunes onto their PC to begin the update, and provides a bogus link to do so.

The piece of malicious code inadvertently downloaded injects itself into the explorer.exe process and opens up a backdoor that allows unauthorised access to and control over the affected system.

Writing on the website, Sabina Datcu said: “It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the internet. A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

“Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data as instead of the promised iTunes update they get malware on their systems.”

BitDefender further claimed that Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts and protected storage.

Meanwhile, Adobe has confirmed that it is to stop making software tools that allow Apple's iPhone and iPad to use Flash. Mike Chambers, principal product manager for developer relations for the Flash platform at Adobe, wrote on his blog that it will still be shipping the ability to target the iPhone and iPad in Flash CS5 but is not currently planning any additional investments in that feature.

He said: “To be clear, during the entire development cycle of Flash CS5, the feature complied with Apple's licensing terms. However, as developers for the iPhone have learned, if you want to develop for the iPhone you have to be prepared for Apple to reject or restrict your development at anytime, and for seemingly any reason.

“In just the past week Apple also changed its licensing terms to essentially prohibit ad networks other than its own on the iPhone, and it came to light that Apple had rejected an application from a Pulitzer Prize winning cartoonist on editorial grounds (which Apple later said was a ‘mistake').

“The primary goal of Flash has always been to enable cross browser, platform and device development. The cool web game that you build can easily be targeted and deployed to multiple platforms and devices. However, this is the exact opposite of what Apple wants. They want to tie developers down to their platform, and restrict their options to make it difficult for developers to target other platforms.”

He confirmed that it is working closely with Google to bring both Flash Player 10.1 and Adobe AIR 2.0 to its devices, and was going to shift all of its mobile focus from iPhone to Android-based devices.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews