MAAS History
Disclaimer
exocrine exocrine

All information Provided as is.

« Condition Remains GREEN | Main | Condition Remains GREEN »
Tuesday
Mar292011

Condition Remains GREEN

We are currently aware of a mass SQL-Injection attack being reported by Websense. At this time only catalog pages for 2 Podcast display evidence of the attack. iTunes uses RSS/XML feeds to get a list of Podcast, however it will have no effect via iTunes. The attack at this time does not affect the most recent version of iTunes accounts or compromise them in anyway. The attack acts as an intermediary to serve up malware that is Windows centric. 

Consider the following actions

  • Block domain lizamoon(dot)com (91_213_29_182).
  • If you do not do business consider blocking Lithuania and Russia.
  • Block domain scansystonline(dot)uni(dot)cc.
  • Block the country vanity ccTLD for Turkish Republic of Northern Cyprus (.cc) and Cocos (Keeling) Islands (.cc) Australia. (Consider blocking all vanity ccTLD.)
  • Consider changing you iTunes/AppleID Password.
  • Do not store your password and log out if you are not making purchases.
  • De-Authorize a device or computer and remove your iTunes credentials along with other critical credentials before service.
  • Only use Apple Authorize Service Providers. 

At this time this mass SQL-Injection does not compromise the latest version of iTunes in anyway. We will provide updates as we monitor the situation.