Random porn pages on iOS Safari

Baumi

macrumors regular
Original poster
Mar 31, 2005
201
239
Hi,

I did something stupid yesterday. I got a semi-obvious phishing mail with a PDF attachment, and opened the mail on both my iPhone 4 and my iPad (believing myself to be safe since AFAIK there are no known viruses for non-jailbroken iDevices) – and when they tried to display the PDF, it was obviously broken.

Shortly afterwards, random porn pages popped up in Safari on both devices every once in a while – the whole page would be redirected to a porn page.

So far this only happened on two domains: berlin.de (official webseite of the city of Berlin) on the iPhone and cumhuriyet.com.tr (major Turkish newspaper) on the iPad, so this could be merely a coincidence and not related to the spam mail at all, e.g. a compromised ad network randomly dishing out porn, although at first glance the sites don't seem to use the same ad providers. I didn't yet see this behavior on my computers or an iPhone 3GS that didn't open the PDF. (Which, admittedly, doesn't prove much, since the pages only pop up every once in a while and I do most of my browsing on the two devices in question.)

Both devices are running the latest iOS with no JB. I tried rebooting them – no change. I'll probably try a restore next to see if that stops it.

I couldn't find any reports about something like this on the web. Did anyone else here ever experience something similar (with or without opening strange attachments first)?

Thanks for any insight.

Baumi
 

SandboxGeneral

Moderator emeritus
Sep 8, 2010
26,133
9,325
Detroit
Hi,

I did something stupid yesterday. I got a semi-obvious phishing mail with a PDF attachment, and opened the mail on both my iPhone 4 and my iPad (believing myself to be safe since AFAIK there are no known viruses for non-jailbroken iDevices) – and when they tried to display the PDF, it was obviously broken.

Shortly afterwards, random porn pages popped up in Safari on both devices every once in a while – the whole page would be redirected to a porn page.

So far this only happened on two domains: berlin.de (official webseite of the city of Berlin) on the iPhone and cumhuriyet.com.tr (major Turkish newspaper) on the iPad, so this could be merely a coincidence and not related to the spam mail at all, e.g. a compromised ad network randomly dishing out porn, although at first glance the sites don't seem to use the same ad providers. I didn't yet see this behavior on my computers or an iPhone 3GS that didn't open the PDF. (Which, admittedly, doesn't prove much, since the pages only pop up every once in a while and I do most of my browsing on the two devices in question.)

Both devices are running the latest iOS with no JB. I tried rebooting them – no change. I'll probably try a restore next to see if that stops it.

I couldn't find any reports about something like this on the web. Did anyone else here ever experience something similar (with or without opening strange attachments first)?

Thanks for any insight.

Baumi
I've not heard of anything like this before on iOS. Have you reset Safari and cleared it's cache? If so, or if after doing so, they still pop up, I'd probably go with the restore option and wipe the phone and start over just to be safe.
 

skywalkerr69

macrumors 6502a
Jan 21, 2011
732
385
New York
wow this is really odd. Clear all the cache on safari and you might have to do a reboot and start over. Viruses hardly damage iOS, this might be a new trend. But hey? whats wrong with porn pages? :cool:
 

RodThePlod

macrumors 6502a
Sep 7, 2005
707
185
London
This is interesting. As others have said, it might be best if you restore your devices. If you still have a copy of the email, can you submit it to McAfee so they can have a look at it? I know some people in the McAfee virus labs who may be interested in looking at this.

Go here: http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

Or zip the original email (you may have to zip it on your Mac or PC) and send it as an attachment to this address: virus_research@avertlabs.com.

And in future, take heed of that age old advice about not opening attachments or clicking on links in unsolicited email ;)

Cheers,

RTP.
 
Last edited:

thredhd

macrumors newbie
Jun 10, 2012
1
0
same problem

We have had the same problem with iPad 2 and iPod 4 (i think its a 4). They belong to my husband and our 7 yo boy uses them a lot. Not sure how it got started, completely possible my husband opened a bad email or the kid downloaded something he shouldnt have. But a lot of random porn pages have been coming up when trying to use Safari. So far the only way around it was to go straight to Google using Google App with 'strict' search settings and bypass Safari all around. Not sure if this is a fix or a bandaid but hoping it works. Cant have the little guy seeing things he shouldnt! Cant have any kind of virus passed to the home computer either!
 

Baumi

macrumors regular
Original poster
Mar 31, 2005
201
239
Thanks for all the info! I did the cache purge, but I still got one more porn popup on the iPad, so far. Cumhuriyet, again. Still, since it didn't happen on any other site besides that and berlin.de, I'll assume a problem on their end is more likely than me being the first victim of iOS malware.

I'll zip up the file and forward it to McAffee, though, just in case. The mail body shares some characteristics with a Windows-only PDF exploit launched at German users some months ago, but the text was updated for this round, so it may not necessarily carry the same payload as that old one.

I'll let you know if there's anything more to this story than a known Windows trojan plus some freak coincidences.

P.S.: Thanks, also, for the lack of "Every1 knows there's no iOS virus, your STOOPID!" replies. ;-)
 

RodThePlod

macrumors 6502a
Sep 7, 2005
707
185
London
I'll zip up the file and forward it to McAffee, though, just in case. The mail body shares some characteristics with a Windows-only PDF exploit launched at German users some months ago, but the text was updated for this round, so it may not necessarily carry the same payload as that old one.
Great - thanks for keeping us updated. The folks in the McAfee virus lab should be able to give you a response pretty quickly, so it would be great if you'd update this thread once you've heard back.

Cheers!

RTP.
 

MacReloaded

macrumors 6502
Oct 31, 2007
407
0
Canada
It kinda sounds like a PDF exploit to me, like the exploit used in JailbreakMe in iOS 4 with a broken PDF file.
 

fsck-y dingo

macrumors 65816
Jun 14, 2009
1,008
0
After you send the files to McAfee i'd suggest restoring as new and changing your passwords. I'm sort of paranoid in that regard, but considering what happened it can't hurt.
 

GarrisonClayton

macrumors newbie
Jun 11, 2012
1
0
Badoink

The same thing is happening to me. So far, it has only happened on Tumblr.com. Some blogs on Tumblr redirect to a page advertising a "porn app" called Badoink. I've just started using the Atomic Web browser instead of Safari and haven't had it happen yet.
 

Aleanrahel

macrumors newbie
Jun 19, 2012
1
0
I had the same problem. Yesterday when I was typing in a searchbox on Ebay, a badoink page suddenly popped up, and (probably because I had continued typing) redirected to a page which looked like an Appstore page, but was in fact just a html-page in Safari.

I have found both pages in the history:
http://ipad.badoink.com/special_offer_v2.php
http://www.badoink.com/tablet/app/index.php

I know there is not supposed to be an iOS virus, but either there is, or Ebay has been hacked to sent iPad users to porn advertisements. :confused:

BTW: this post is the only mention of this 'virus' I could find on the net, so this must be a quite recent thing.

Does anybody have any idea how to get rid of this?
 

Mrarkon

macrumors newbie
Apr 1, 2012
7
0
I had the same problem. Yesterday when I was typing in a searchbox on Ebay, a badoink page suddenly popped up, and (probably because I had continued typing) redirected to a page which looked like an Appstore page, but was in fact just a html-page in Safari.

I have found both pages in the history:
http://ipad.badoink.com/special_offer_v2.php
http://www.badoink.com/tablet/app/index.php

I know there is not supposed to be an iOS virus, but either there is, or Ebay has been hacked to sent iPad users to porn advertisements. :confused:

BTW: this post is the only mention of this 'virus' I could find on the net, so this must be a quite recent thing.

Does anybody have any idea how to get rid of this?
It's probably a problem within Safari itself, so your options are to either:
A) Restore
B) Download a different browser app, such as Opera Mini, Axis, Atomic, etc.
 

JustCorz

macrumors newbie
Mar 31, 2011
11
1
It happened to my wife's ipad on safari when she was browsing for wedding invitations for her friend on a website found through google. It happened to me on the same device using skyfire browser for ipad?

It seems to be dummy websites which then forwards you onto a page with a fake badoink app which by the way is very explicit..not good, especially if you have children who use your ipad or iphone!
 

AforAndromeda

macrumors member
Jan 30, 2009
78
1
UK
Just a quick message to add Sophos to the list of helpful resources. http://www.sophos.com

They have been doing AV for Macs etc for years, and whilst I have used them extensively for PC networks in the past because the product and IT support is superb, they are not the first name most think of, probably because they are UK based.

Worth informing.


Pete

:)
 

SandboxGeneral

Moderator emeritus
Sep 8, 2010
26,133
9,325
Detroit
Thanks for all the info! I did the cache purge, but I still got one more porn popup on the iPad, so far. Cumhuriyet, again. Still, since it didn't happen on any other site besides that and berlin.de, I'll assume a problem on their end is more likely than me being the first victim of iOS malware.

I'll zip up the file and forward it to McAffee, though, just in case. The mail body shares some characteristics with a Windows-only PDF exploit launched at German users some months ago, but the text was updated for this round, so it may not necessarily carry the same payload as that old one.

I'll let you know if there's anything more to this story than a known Windows trojan plus some freak coincidences.

P.S.: Thanks, also, for the lack of "Every1 knows there's no iOS virus, your STOOPID!" replies. ;-)
Have you any more information from McAfee on your email? I'm really curious to know how whatever it is, is "infecting" iOS, and causing these redirects.
 

ThatsMeRight

macrumors 68020
Sep 12, 2009
2,257
124
I have read a lot of these reports and I even experienced it myself so this is definitely _not_ a problem for one, single individual.
 

DTJO

macrumors newbie
Jul 2, 2012
3
0
Same problem here.
I have restored the iPad via iTunes but this morning when I opened safari I was redirected to a random porn page.
I had this on multiple (official news)websites.

Don't know what to do now.... :(
 

ericrwalker

macrumors 68030
Oct 8, 2008
2,812
3
Albany, NY
Same problem here.
I have restored the iPad via iTunes but this morning when I opened safari I was redirected to a random porn page.
I had this on multiple (official news)websites.

Don't know what to do now.... :(
If you did a restore from a recent backup, then you might have put whatever was causing this back on the device. :confused:
 

G.S.

macrumors newbie
Jul 2, 2012
2
0
Same problem here with being redirected to porn ads or play.google.... Sites. Without funny emails or anything elese from this direction. Tried out few things and after enabling debug consol for safari and disabling javascript it stopped.
I believe its a problem with javascript.
i also had a few issues with youtube on my ipad 2. Now this problems stopped as well. dont know why, maybe no connection at all.
Hope this will give a clue to IT related persons how to stop this problem more conviniently.
 
Last edited:

DTJO

macrumors newbie
Jul 2, 2012
3
0
Switched to Chrome. Hopes it helps. If I don't get those weird pop ups within 48 hours, it is definitely a Safari issue.
Keep you posted. :)
 

poundsford

macrumors newbie
Jul 4, 2012
1
0
Also in Chrome

I just had the same happen in Chrome on a new iPad!

Still no idea about what is doing on. Some debugging might help.
 

blabla2

macrumors newbie
Jul 5, 2012
1
0
I have experienced the same pop-up problem. However, I don't think it is a virus. I think that it has to do with ads. Just like in angry birds there are ads to this on all kinds of websites. What I noticed is that I only experienced the problem when surfing to a new website (like Huffingtonpost or Treehugger). It could be that because of the touch screen you accidentally 'click' on the ad before the page is fully loaded.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.