Educause Security Discussion mailing list archives

Re: iPhone contacting a sinkhole


From: Michael William Zimmer <Michael.Zimmer () NAU EDU>
Date: Fri, 20 Nov 2015 21:18:21 +0000

Wow, thank you for bringing this topic up!  We have been receiving similar alerts recently and found in each case that 
it pointed back to the same iOS device.  We have identified the user as an international student from China.  Until now, we 
weren't certain when our Student Tech Center would have a chance to work with it - but they will send this URL to the 
student in the meantime.

Thank you - and I guess you can add NAU to your list of 'also seeing this' group.

Michael Zimmer
Northern Arizona University
Flagstaff, AZ

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Iglesias
Sent: Friday, November 20, 2015 1:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPhone contacting a sinkhole

On 11/20/2015 12:44 PM, McClenon, Brady wrote:
> We have received three alerts from REN-ISAC in the last month or so 
> about an address on our network contacting a sinkhole.  In each case 
> the device was a student's iPhone on our residential network (a 
> different student in each case).  I'm curious if anyone else has seen 
> this and if they have had any luck determining what is causing it.

It's XcodeGhost.

http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/

We've had RI notices about this too.  We point the students at the page above and tell them to remove all the apps 
noted on the list of apps that page points to, and then reinstall them if they want them back.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270

