When we first heard about the hack on Facebook, Apple, Twitter, and Microsoft that seemed to be connected, it looked like an infected website downloaded malicious software to employee computers when they accessed the site. But now, it seems that more than one infected website targeted specific visitors.
According to The Security Ledger, which spoke with Facebook chief security officer Joe Sullivan, three different websites infected his employees’ Macs. We know about iPhoneDevSDK, the iPhone development website that was serving malware to visitors, but this involved two other unnamed websites, including one that provided information about Android development.
Sullivan also said that Facebook was able to see a number of other companies infected by the same attack, though he did not name any of them. He did say, however, that the attack was not focused on the tech sector, as you might assume after Twitter, Apple, and Microsoft all reported similar attacks. Instead, it seems that the attack spanned a number of industries.
The owner behind iPhoneDevSDK explained that he believes the malware writers were able to see what kinds of visitors were coming to the site and target specific people. For example, he wasn’t infected by visiting his own site, but those at Facebook were.
The malware dropped on the Mac computers is believed to be a trojan called Pintsized.A, which jumps into the system and encrypts its communications with the command and control server to make it very difficult to detect.