WARNING: Malicious repo …
Posted January 5th, 2008 at 7:15 pm by Ste
Filed in: Misc, Repo Issues, Site News
The repository “Silver Repo”, with a maintainer of “Mikey”, a category of “Cool” and a URL of “http://www.jmwiki.com/repo” is malicious. Remove this Source from Installer as fast as you can.
Note: the problem app was originally found by an IRC user named “DeathHobbit”. Another IRC user, named “Francis”, figured out what Source that app came from and the original warning to the public was posted on the “ModMyiFone” forums, here. My thanks to all involved!
He has several malicious apps:
One is called “Important UPDATE”, with a description of “An important system update.”. It’s not clear, from looking at the plist file, if it will show up in the “System” category or the “UPDATES” category.
Another is called “iPhone firmware 1.1.3 prep”, with a description of “An important system update. Install this before updating to the new 1.1.3 firmware.” As with the other, it’s not clear, from looking at the plist file, if it will show up in the “System” category or the “UPDATES” category.
Both of these packages are BOGUS. What they do is download the zip file of Erica’s Utilities, version 0.53, from one of *my* mirrors. It then installs it. If you uninstall his package, it will uninstall the files it installed. What this means is that if you had Erica’s Utilities installed already, it will overwrite them, during installation and uninstall them during uninstallation, but Installer will think the Erica’s Utilites are still installed - but it’s files will have been ripped out from under it. Any other app that uses any of the files in her package will break too. If you didn’t have Erica’s Utilites installed, then installing and removing either of these packages will do no harm.
He has a third package called “Jo Mama”, with a description of “Potatoes are burning to the ground”, in the “JMCO Apps” category, that installs/uninstalls an old version of my OpenSSH app. This will conflict with any other ssh app you have installed. The zip file, in this case, comes from Nullriver’s site, where they once briefly hosted it for me.
The plist files for all three of these apps are lifted directly from me, with the name, description and category changed.
I’ve looked up the owner of the domain and called and left a message for him.
More, as I get it.
UPDATE: New information suggests this might be the prank of an 11 year old boy, heh.
UPDATE: Yes, it was a kid, I’ve spoken to his dad and the site will be coming down. End of story.
-ste
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
January 5th, 2008 at 6:58 pm
[…] Read the rest of the warning. […]
January 5th, 2008 at 7:06 pm
Thanks for the heads up, much appreciated.
January 5th, 2008 at 11:13 pm
[…] La pagina que distribuia los paquetes: STE PACKAGING con una version modificada de su XML para hacer daño… Los responsables de la pagina llamaron […]
January 6th, 2008 at 1:44 pm
iPhone/touch: Erstes Schad-Repository für Installer.app…
Neben einem “Important UPDATE” bot es einige Programme im Ordner “JMCO Apps” an und vor allem das irreführende “iPhone firmware 1.1.3 prep”, das vorgaukelte für einen Jailbreak der künftigen Software-Version 1.1.3 vorzubereiten.
…, doch un…
January 6th, 2008 at 9:52 pm
11 year old boy ‘ownz’ iPhone hackers and devs…
Whatever happened to the age of innocence, when puppies and kittens were cute and cuddly, and the sun shone down upon the white picket fences and ice cream socials? Why, I remember when I was 11 years old and the worst trouble I ever got into was when …
January 8th, 2008 at 12:12 am
[…] care nu avea ce face si a vrut sa vada cit de fraiera e lumea. si au pus multi botu. mikey si-a atins […]
January 9th, 2008 at 9:21 am
[…] from the STE Packaging repository site and its owner details how the “prep” tool functions and how it was distributed. Users […]
January 10th, 2008 at 7:24 am
[…] Es war in jedem Fall ein Kind … WARNING: Malicious repo … - Ste Packaging - No more iPHUCing around. […]