Compared with Android phones or Windows PCs, Apple’s products are relatively impervious to malware, which is what makes WireLurker so interesting.
According to Palo Alto Networks, a California company that sells firewalls to businesses, a new family of malware has been quietly infiltrating OS X and iOS devices for the past six months, gathering information and preparing for some kind of unspecified attack.
The researchers who discovered the plot called it WireLurker because it can infect even pristine, non-jailbroken iPhones and iPads through computer cables.
There are no reports of WireLurker infecting Apple devices outside China, and Apple says it has taken steps to prevent that from happening.
“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” an Apple spokesperson told Fortune. “As always, we recommend that users download and install software from trusted sources.”
The fact that someone found a way to do it has to be troubling news for Apple, which markets itself as the company that protects its users’ privacy and keeps them safe.
Getting through Apple’s defense systems wasn’t easy, and it required the breeding ground of hundreds of millions of jailbroken Chinese iOS devices to get started.
Researchers at Palo Alto Networks’ Unit 42 traced WireLurker to a third-party Mac application store in China called Maiyadi App Store. There it “trojanized” 467 OS X applications, according to a white paper published Wednesday, and those apps were downloaded more than 356,104 times. In all, hundreds of thousands of users may have been affected.
To download the infected apps, users would have had to change the security settings on their Macs and ignore several pop-up warnings.
But once installed, the apps could make the leap to devices that followed all the rules.
From Palo Alto Networks’ press release:
WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it ‘wire lurker’…
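WireLurker can steal a variety of information from infected mobile devices and regularly sends update requests to the attackers’ command-and-control server. The attackers are actively developing this malware, and its purpose is not yet clear.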
Security experts have long debated why it is that Apple’s computers were spared the waves of malware that have infected competing systems over the years. Was it because Apple’s systems were inherently more secure? Or because there weren’t enough Macs out there to make an interesting target?
In the post-PC era, with Apple selling hundreds of millions of devices per year, the “security by obscurity” theory may get put to the test.
Meanwhile, Palo Alto Networks offers some advice:
o In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
o Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
o Keep the iOS version on your device up-to-date
o Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your IT corporate help desk) explicitly instructs you to do so
o Do not pair your iOS device with untrusted or unknown computers or devices
o Avoid powering your iOS device through chargers from untrusted or unknown sources
o Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
o Do not jailbreak your iOS device; if you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device