• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • MMi Public Service Announcement - Malicious Installer Source Warning
    It has come to my attention that the people responsible for the JMCO source jmwiki.com have intentionally created a malicious source with the sole intention of mucking up people's iPhones.

    This source adds an app in installer that pretends to be an update of erica's utilities. The app appears in installer as 113 prep.

    Once installed all this app does is it says "shoes." When uninstalled this app removes a lot of files from the /bin directory on the iphone, breaking valid apps like sendfile and other erica utilities.

    ModMyI recommends that you DO NOT install 113 prep. We further recommend that you abandon the use of the JMCO source and remove it from your installer app.

    It is a shame to see that people in our community are set on causing problems for others, their actions are not admirable.

    Help us get out the word to everyone as quickly as possible and Digg This

    Edit: You might note that when I say your bin directory i of course am talking about var/root/bin/ --- Also this source is installed when you instal the Blaze Source.

    Will be updating a list of things this messes up
    • Erica's Utilities
    • OpenSSH
    • Launcher
    • Doom
    Update:

    After STE (most of the .xml was taken directly from STE packaging but used in a malicious manner) called the number listed on the domain registration it turns out the person who is responsible is actually an 11 year old. STE has talked to his father and has been assured that the site will be removed tonight.

    Update #2:

    The Site hosting the malicious source has been taken down.

    Update #3:

    Symantec has listed this as the first sighting of a malicious iPhone attempt.



    thanks francis and deathhobbit
    This article was originally published in forum thread: MMi Public Service Announcement - Malicious Installer Source Warning started by Cody Overcash View original post
    Comments 75 Comments
    1. swell's Avatar
      swell -
      Even if this kid was 11 he should have enough sense not to put up a source that he doesn't know what it does. And heck I'm only 14 and I was like the first person(behind the original 3) to make my own source.

      -Swell
    1. ajl917's Avatar
      ajl917 -
      Quote Originally Posted by swell View Post
      Even if this kid was 11 he should have enough sense not to put up a source that he doesn't know what it does. And heck I'm only 14 and I was like the first person(behind the original 3) to make my own source.

      -Swell
      O he knew what he was doing. He had the malicious intent of ******* with people's iPhones...
    1. klimegreen's Avatar
      klimegreen -
      Dugg this post. This is a sad development for the iPhone. I hope this is a one time event. But probably not, popular (big number) products are targetted.
    1. DoerrFan's Avatar
      DoerrFan -
      Quote Originally Posted by swell View Post
      Even if this kid was 11 he should have enough sense not to put up a source that he doesn't know what it does. And heck I'm only 14 and I was like the first person(behind the original 3) to make my own source.

      -Swell
      Im 15, i wish i had enough time to make my own source Finals have swamped me And that kid knew what he was doing, i'll leave it at that
    1. Atreides's Avatar
      Atreides -
      No paradise lost... It pays to read the sites in advance for information on an available application BEFORE downloaded... Caveat Emptor (especially when it's free ) Generally, I won't download until I see enough feedback on an application. Mostly to avoid introducing bugs to phone, but examples like would avoid malicious bugs to phone...
    1. Dnc95's Avatar
      Dnc95 -
      Hi guy's I just wanted to let you guy's know that this story made it to macworld.com
      (http://www.macworld.com/article/1314...onetrojan.html) but the sad thing is that they are using false information to make it sound like 3rd party apps are the reason the iphone is getting hacked and this is why apple doesn't support it... but either way i think it's pretty sad that macworld.com would post something that's not accurate and not even ask cash or poetic for exact facts...
    1. yowiphone's Avatar
      yowiphone -
      This kid is NUTZ anyway i would like to make basic Apps for the iphone, but im not good at making th3m
    1. non-believer's Avatar
      non-believer -
      Has Deathhobbit submitted it to Apple so they can take a look? How come no-one has done an analysis of the code?

      For those who have been "owned" - why don't you send a copy of the malicious file out to the Internet Storm Center or something???
    1. DVB+'s Avatar
      DVB+ -
      Quote Originally Posted by non-believer View Post
      Has Deathhobbit submitted it to Apple so they can take a look? How come no-one has done an analysis of the code?

      For those who have been "owned" - why don't you send a copy of the malicious file out to the Internet Storm Center or something???
      Leave that kid alone...He is something....
    1. non-believer's Avatar
      non-believer -
      ok fine, let's just wait for the next one then shall we?
    1. DarkMirc's Avatar
      DarkMirc -
      we all ready know what the file does and as there is no antivirus as of yet.

      If in doubt about an application you can always ask her or #modmyi on mirc.

      As i FOUND IT and passed it to francis and ste they discovered the truth behind it, my suspicion was 1.1.3 is not available and if there was a prep it would be pasted all over the forums so ASK if in doubt.
      Most new applications are advertised or mentioned in the news section so you can always check.
    1. Taniban's Avatar
      Taniban -
      This boy has done 3rd party apps no good. This is the reason why Apple say they do not allow 3rd party apps in the iPhone. Its a sad time for us all... hopefully nobody would be more foolish enough to do such a thing in the future.
    1. non-believer's Avatar
      non-believer -
      So what if you already know what the file does? It'd be nice to confirm it. So far, no-one has been able to confirm the existance of this code with any proof. And thats probably why there is no antivirus coverage for this file, because it doesn't exist. So if francis and stu and deathhobbit (which are the only people who appear to have even seen this so-called malicious file) are going to be responsible they should send their copies of the code to Apple.
    1. jeff369's Avatar
      jeff369 -
      I installed that Blaze whatever source and it seems to be filled with a lot of "stuff", anyone notice anything else wrong with it?
    1. fueledbyramen's Avatar
      fueledbyramen -
      why is there always some angry douche that hates to see other happy.