Aug 22, 2012

Tech News: What Can Apple Do About Windows Malware in an iOS iApp?

An interesting thing happened on the way to the forums recently. Well, actually it was at the Apple forums, with an iOS user reporting that his Windows antivirus package had singled out an iPhone app called "Instaquotes Quotes Cards for Instagram" and flagged it as containing a Windows virus. Sounds crazy, right? But in this case it was no false positive - the app really did contain a Windows virus. The user reported in the forum (https://discussions.apple.com/message/19004235#19004235) that the malware found was Worm/VB.LY.24. Now, this is an older threat that was initially found in 2009, written in VB, and designed to infect Windows machines. Cross Platform Security Scans Required? The good news is that the malware would not be harmful to either iOS or OS X. The app made it through the standard Apple security scan for that reason - it was no threat to any of their operating systems. But the fly in the ointment for Apple is this - their iTunes software is supported on Windows as well, and that gives Windows systems a wide entry into the iTunes stores with ‘supposedly’ safe walled apps for end users. Suddenly Apple could be thrust into the highly non-enviable position of having to scan for every Windows virus as part of their app approval system. The problem is that the list is huge and changes daily (almost hourly). To say that it complicates the process is no doubt quite the understatement. But was it really a threat? According to CNET, the offending payloads were located inside of the package, and it would have to be extracted before any harm would take place. Of course, this is not uncommon for some malware payload deliveries, and all it needs is an agent on the Windows machine (itself hard to detect since it contains no actual malware) to set things in motion. Fire for Effect? One thing that should be noted is the age of the malware in question. Worm/VB.LY.24 is an older piece of malware and it is sure to be detected by virus scanners with even old database updates. When you consider the facts, it is almost as if they wanted it detected. The disruption that took place over the discovery could have been the end goal. Apple is a big target, and there are plenty of competitors, lawsuits aside, that would like to see Apple get a black eye or two. Sadly, though, most malware distributors don't operate that way. Instead, their end goal is to often turn your machine into a source of income. Having iOS apps as a malware delivery system would be a huge coup for them, as you might expect. Known Developer Account Apple has since pulled the offending app from the App Store and any Windows users (or otherwise) will not be able to download it to their machines and devices. The good news is that Apple has control of the offending developer account and necessary actions will be taken if possible. Since the final assembly of the package would more than likely have taken place on a Mac, it could rule out any unknown malware on the developer's machine that placed the packages for distribution, leaving deliberate action in the hands of the developer. At least it would appear that no malware exists on the Mac to infect the output of a developer. You would expect the problem to be much more widespread than just the single report if that was truly the case. While we feel confident that it was a single deliberate action on the part of the developer(s), nothing is certain when it comes to the constantly shifting world of malware. Remove the Windows OS as Part of the iTunes App Ecosystem? Since such malware does not impact iOS or OS X, it would seem that Apple would be happy to cut Windows out of the app delivery system. With the advances in iOS recently, this is easier than you might think. Apps that are too large for direct carrier download can easily be done via WiFi. Even iOS updates can be done over the air now, removing the need for the PC. Even backups of apps and the device itself can now be done via Apple's iCloud, further removing the need for the PC. At this point, having apps going onto the user's desktop or laptop is almost an issue of convenience, not necessity. It would be very easy to remove this capability from the next release of iTunes, preventing potentially harmful apps from being stored on a Windows machine. With the recent discovery of Windows malware in an iOS app, it seems clear that any deliverable that touches another operating system is a potential threat for that system. As to what steps Apple will take to prevent this in the future remains to be seen, but the takeaway is probably this - everyone is a target of malware, even if you are just the delivery mechanism.