Educause Security Discussion mailing list archives

Re: iPhone contacting a sinkhole

From: Michael Cole <mcole () CLARKU EDU>
Date: Fri, 20 Nov 2015 20:59:20 +0000

Same here.  We've seen it on mostly iphone but at least one OSX laptop as well.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike 
Iglesias
Sent: Friday, November 20, 2015 3:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPhone contacting a sinkhole

On 11/20/2015 12:44 PM, McClenon, Brady wrote:

We have received three alerts from REN-ISAC in the last month or so 
about an address on our network contacting a sinkhole.  In each case 
the device was a student's iPhone on our residential network (a 
different student in each case).  I'm curious if anyone else has seen 
this and if they have had any luck determining what is causing it.


It's XcodeGhost.

http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/

We've had RI notices about this too.  We point the students at the page above and tell them to remove all the apps 
noted on the list of apps that page points to, and then reinstall them if they want them back.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270

Current thread:

iPhone contacting a sinkhole McClenon, Brady (Nov 20)
- Re: iPhone contacting a sinkhole Mike Iglesias (Nov 20)
  - Re: iPhone contacting a sinkhole Michael Cole (Nov 20)
  - Re: iPhone contacting a sinkhole Michael William Zimmer (Nov 20)
    - Re: iPhone contacting a sinkhole Scott Finlon (Nov 23)
- Re: iPhone contacting a sinkhole Ricardo Fitipaldi (Nov 20)