11 Replies Latest reply: Jul 30, 2012 7:36 PM by Andreas77
deesto Level 1 Level 1 (25 points)

I just downloaded two apps from iTunes, and one of them has been flagged by ClamXav as being a virus:

-Quotes for Cards (for Instagram)

 

2012-07-24 10:19:21 /Users/{me}/Music/iTunes/Mobile Applications/Downloads/Instaquotes-Quotes Cards For Instagram.tmp/Info.plist: OK

2012-07-24 10:19:22 /Users/{me}/Music/iTunes/Mobile Applications/Downloads/Instaquotes-Quotes Cards For Instagram.tmp/download.app: Worm.VB-900 FOUND

2012-07-24 10:19:24 /Users/{me}/Music/iTunes/Mobile Applications/Instaqoutes 1.0.ipa: Worm.VB-900 FOUND

 

I let ClamXav move it to the trash, but what else can/should be done?  How can I verify whether this is actually a virus?  A search for information on the app turned up very little, and nothing at all with reference to a possible virus or malware.

Screen shot 2012-07-24 at 10.19.42 AM.png


MacBook Pro i7 15, Mac OS X (10.6.7)
  • 1. Re: apps reported as virus
    thomas_r. Level 7 Level 7 (27,930 points)

    That is a Windows virus, and cannot affect your Mac.  Removing it is all that is necessary.

     

    Even though this cannot affect Mac OS X, inclusion of malware in an App Store app is still a very serious issue!  I have downloaded it and see the same problem here.  I'm not actually sure where to report such a problem, but I'm going to look into that.

  • 2. Re: apps reported as virus
    MarkAllan Level 1 Level 1 (10 points)

    It seems entirely likely that it's a false positive, but best to flag it up anyway.  Apple needs to check the archive and someone needs to submit it to ClamAV as a false positive.  Not sure who's best to do that as I suspect sharing an app downloaded from the AppStore is verboten.

  • 3. Re: apps reported as virus
    MarkAllan Level 1 Level 1 (10 points)

    Looks like I spoke too soon.  It appears like it may not be a false positive afterall.  Letting ClamXav delete the app was the right thing to do.  We also need to flag this up to Apple somehow.

  • 5. Re: apps reported as virus
    etresoft Level 7 Level 7 (24,270 points)

    It is nothing to worry about. Considering where this virus is located, it wouldn't even hurt a Windows machine. It looks like an accident from the developer's infected Windows machine.

  • 6. Re: apps reported as virus
    deesto Level 1 Level 1 (25 points)

    Thanks all.  I'm still unclear as to whether it's possible to push a notification upstream in order to let Apple (and others) know this app is infected, whether intentionally or not.  At least it's now somewhat documented here.

  • 7. Re: apps reported as virus
    etresoft Level 7 Level 7 (24,270 points)

    The best thing to do would be to send an e-mail to the developers so they can upload a new binary.

  • 8. Re: apps reported as virus
    thomas_r. Level 7 Level 7 (27,930 points)

    I'm still unclear as to whether it's possible to push a notification upstream in order to let Apple (and others) know this app is infected, whether intentionally or not.

     

    I have e-mailed an address at Apple that was given to me by one of my colleagues in the security industry.  I have also posted a note on the developer's Facebook page (which appears to be the only way to get in touch with them) and added a review of the app detailing the problem to the iOS App Store.

     

    As much as I agree with etresoft that this can't hurt you, and that it wouldn't even hurt a Windows user, it is troubling.  This was probably accidental, but we can't rule out the possibility that it was a probe to see whether Apple screens iOS apps for malware that can affect other systems.  Why anyone would be interested in doing that, I don't know, but I learned a long time ago that just because I don't see the reason doesn't mean there isn't one!  In any case, though, we've just learned something interesting about Apple's screening process.

  • 9. Re: apps reported as virus
    Topher Kessler Level 6 Level 6 (9,340 points)

    Apple has removed the app from the iOS app store. The page for it is no longer available. Whether Apple will have the developer correct the problem and resubmit it or other action has been taken (suspension, etc.), is unknown at this point, but at least it's been dealt with.

  • 10. Re: apps reported as virus
    Appsstand Level 1 Level 1 (0 points)

    Thank you For Emailing is us about the Infected app , We are Now working with apple To Push the Updated app the the appstore . Thanks

  • 11. Re: apps reported as virus
    Andreas77 Level 1 Level 1 (0 points)

    for what reason I could not buy from my iTunes :i have this problem

     

    I have apple acount for AppStore with ClickandBuy but can not buy anything programs ...

    this presented in my iTunes:

     

    i'm from GERMANY

    https://discussions.apple.com/servlet/JiveServlet/downloadImage/2-19061887-138891/untitled.bmp