Random porn pages on iOS Safari

Discussion in 'iPhone Tips, Help and Troubleshooting' started by Baumi, Jun 7, 2012.

  1. Baumi macrumors regular

    Joined:
    Mar 31, 2005
    #1
    Hi,

    I did something stupid yesterday. I got a semi-obvious phishing mail with a PDF attachment, and opened the mail on both my iPhone 4 and my iPad (believing myself to be safe since AFAIK there are no known viruses for non-jailbroken iDevices) – and when they tried to display the PDF, it was obviously broken.

    Shortly afterwards, random porn pages popped up in Safari on both devices every once in a while – the whole page would be redirected to a porn page.

    So far this only happened on two domains: berlin.de (official webseite of the city of Berlin) on the iPhone and cumhuriyet.com.tr (major Turkish newspaper) on the iPad, so this could be merely a coincidence and not related to the spam mail at all, e.g. a compromised ad network randomly dishing out porn, although at first glance the sites don't seem to use the same ad providers. I didn't yet see this behavior on my computers or an iPhone 3GS that didn't open the PDF. (Which, admittedly, doesn't prove much, since the pages only pop up every once in a while and I do most of my browsing on the two devices in question.)

    Both devices are running the latest iOS with no JB. I tried rebooting them – no change. I'll probably try a restore next to see if that stops it.

    I couldn't find any reports about something like this on the web. Did anyone else here ever experience something similar (with or without opening strange attachments first)?

    Thanks for any insight.

    Baumi
     
  2. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #2
    I've not heard of anything like this before on iOS. Have you reset Safari and cleared it's cache? If so, or if after doing so, they still pop up, I'd probably go with the restore option and wipe the phone and start over just to be safe.
     
  3. skywalkerr69 macrumors 6502a

    skywalkerr69

    Joined:
    Jan 21, 2011
    Location:
    New York
    #3
    wow this is really odd. Clear all the cache on safari and you might have to do a reboot and start over. Viruses hardly damage iOS, this might be a new trend. But hey? whats wrong with porn pages? :cool:
     
  4. RodThePlod, Jun 9, 2012
    Last edited: Jun 9, 2012

    RodThePlod macrumors 6502a

    RodThePlod

    Joined:
    Sep 7, 2005
    Location:
    London
    #4
    This is interesting. As others have said, it might be best if you restore your devices. If you still have a copy of the email, can you submit it to McAfee so they can have a look at it? I know some people in the McAfee virus labs who may be interested in looking at this.

    Go here: http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

    Or zip the original email (you may have to zip it on your Mac or PC) and send it as an attachment to this address: virus_research@avertlabs.com.

    And in future, take heed of that age old advice about not opening attachments or clicking on links in unsolicited email ;)

    Cheers,

    RTP.
     
  5. thredhd macrumors newbie

    Joined:
    Jun 10, 2012
    #5
    same problem

    We have had the same problem with iPad 2 and iPod 4 (i think its a 4). They belong to my husband and our 7 yo boy uses them a lot. Not sure how it got started, completely possible my husband opened a bad email or the kid downloaded something he shouldnt have. But a lot of random porn pages have been coming up when trying to use Safari. So far the only way around it was to go straight to Google using Google App with 'strict' search settings and bypass Safari all around. Not sure if this is a fix or a bandaid but hoping it works. Cant have the little guy seeing things he shouldnt! Cant have any kind of virus passed to the home computer either!
     
  6. Baumi thread starter macrumors regular

    Joined:
    Mar 31, 2005
    #6
    Thanks for all the info! I did the cache purge, but I still got one more porn popup on the iPad, so far. Cumhuriyet, again. Still, since it didn't happen on any other site besides that and berlin.de, I'll assume a problem on their end is more likely than me being the first victim of iOS malware.

    I'll zip up the file and forward it to McAffee, though, just in case. The mail body shares some characteristics with a Windows-only PDF exploit launched at German users some months ago, but the text was updated for this round, so it may not necessarily carry the same payload as that old one.

    I'll let you know if there's anything more to this story than a known Windows trojan plus some freak coincidences.

    P.S.: Thanks, also, for the lack of "Every1 knows there's no iOS virus, your STOOPID!" replies. ;-)
     
  7. RodThePlod macrumors 6502a

    RodThePlod

    Joined:
    Sep 7, 2005
    Location:
    London
    #7
    Great - thanks for keeping us updated. The folks in the McAfee virus lab should be able to give you a response pretty quickly, so it would be great if you'd update this thread once you've heard back.

    Cheers!

    RTP.
     
  8. MacReloaded macrumors 6502

    MacReloaded

    Joined:
    Oct 31, 2007
    Location:
    Canada
    #8
    It kinda sounds like a PDF exploit to me, like the exploit used in JailbreakMe in iOS 4 with a broken PDF file.
     
  9. fsck-y dingo macrumors 65816

    fsck-y dingo

    Joined:
    Jun 14, 2009
    #9
    After you send the files to McAfee i'd suggest restoring as new and changing your passwords. I'm sort of paranoid in that regard, but considering what happened it can't hurt.
     
  10. GarrisonClayton macrumors newbie

    Joined:
    Jun 11, 2012
    #10
    Badoink

    The same thing is happening to me. So far, it has only happened on Tumblr.com. Some blogs on Tumblr redirect to a page advertising a "porn app" called Badoink. I've just started using the Atomic Web browser instead of Safari and haven't had it happen yet.
     
  11. Aleanrahel macrumors newbie

    Joined:
    Jun 19, 2012
    #11
    I had the same problem. Yesterday when I was typing in a searchbox on Ebay, a badoink page suddenly popped up, and (probably because I had continued typing) redirected to a page which looked like an Appstore page, but was in fact just a html-page in Safari.

    I have found both pages in the history:
    http://ipad.badoink.com/special_offer_v2.php
    http://www.badoink.com/tablet/app/index.php

    I know there is not supposed to be an iOS virus, but either there is, or Ebay has been hacked to sent iPad users to porn advertisements. :confused:

    BTW: this post is the only mention of this 'virus' I could find on the net, so this must be a quite recent thing.

    Does anybody have any idea how to get rid of this?
     
  12. Mrarkon macrumors newbie

    Joined:
    Apr 1, 2012
    Location:
    New Jersey, USA
    #12
    It's probably a problem within Safari itself, so your options are to either:
    A) Restore
    B) Download a different browser app, such as Opera Mini, Axis, Atomic, etc.
     
  13. JustCorz macrumors newbie

    Joined:
    Mar 31, 2011
    #13
    It happened to my wife's ipad on safari when she was browsing for wedding invitations for her friend on a website found through google. It happened to me on the same device using skyfire browser for ipad?

    It seems to be dummy websites which then forwards you onto a page with a fake badoink app which by the way is very explicit..not good, especially if you have children who use your ipad or iphone!
     
  14. AforAndromeda macrumors member

    AforAndromeda

    Joined:
    Jan 30, 2009
    Location:
    UK
    #14
    Just a quick message to add Sophos to the list of helpful resources. www.sophos.com

    They have been doing AV for Macs etc for years, and whilst I have used them extensively for PC networks in the past because the product and IT support is superb, they are not the first name most think of, probably because they are UK based.

    Worth informing.


    Pete

    :)
     
  15. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #15
    Have you any more information from McAfee on your email? I'm really curious to know how whatever it is, is "infecting" iOS, and causing these redirects.
     
  16. swordfish5736 macrumors 68000

    swordfish5736

    Joined:
    Jun 29, 2007
    Location:
    Cesspool
    #16
    To those of you having this issue what is your search domain under settings->wifi?
     
  17. ThatsMeRight macrumors 68020

    Joined:
    Sep 12, 2009
    #17
    I have read a lot of these reports and I even experienced it myself so this is definitely _not_ a problem for one, single individual.
     
  18. DTJO macrumors newbie

    Joined:
    Jul 2, 2012
    #18
    Same problem here.
    I have restored the iPad via iTunes but this morning when I opened safari I was redirected to a random porn page.
    I had this on multiple (official news)websites.

    Don't know what to do now.... :(
     
  19. ericrwalker macrumors 68030

    ericrwalker

    Joined:
    Oct 8, 2008
    Location:
    Albany, NY
    #19
    If you did a restore from a recent backup, then you might have put whatever was causing this back on the device. :confused:
     
  20. DTJO macrumors newbie

    Joined:
    Jul 2, 2012
    #20
    I didn't restored from a backup. I configurated the ipad as a new device. :)
     
  21. ericrwalker macrumors 68030

    ericrwalker

    Joined:
    Oct 8, 2008
    Location:
    Albany, NY
    #21


    Interesting.
     
  22. G.S., Jul 2, 2012
    Last edited: Jul 2, 2012

    G.S. macrumors newbie

    Joined:
    Jul 2, 2012
    #22
    Same problem here with being redirected to porn ads or play.google.... Sites. Without funny emails or anything elese from this direction. Tried out few things and after enabling debug consol for safari and disabling javascript it stopped.
    I believe its a problem with javascript.
    i also had a few issues with youtube on my ipad 2. Now this problems stopped as well. dont know why, maybe no connection at all.
    Hope this will give a clue to IT related persons how to stop this problem more conviniently.
     
  23. DTJO macrumors newbie

    Joined:
    Jul 2, 2012
    #23
    Switched to Chrome. Hopes it helps. If I don't get those weird pop ups within 48 hours, it is definitely a Safari issue.
    Keep you posted. :)
     
  24. poundsford macrumors newbie

    Joined:
    Jul 4, 2012
    #24
    Also in Chrome

    I just had the same happen in Chrome on a new iPad!

    Still no idea about what is doing on. Some debugging might help.
     
  25. blabla2 macrumors newbie

    Joined:
    Jul 5, 2012
    #25
    I have experienced the same pop-up problem. However, I don't think it is a virus. I think that it has to do with ads. Just like in angry birds there are ads to this on all kinds of websites. What I noticed is that I only experienced the problem when surfing to a new website (like Huffingtonpost or Treehugger). It could be that because of the touch screen you accidentally 'click' on the ad before the page is fully loaded.
     

Share This Page