Posted on 03/29/2016 2:42:37 PM PDT by CedarDave
Running Windows 7. Plugged in my iPhone to download some work photos, and an update from Apple popped up to update iTunes and video software. I started the download and my AVG business antivirus detected the win32/herz virus and deleted it. Checking on the name and it appears to be a particularly nasty virus.
If any Apple fans on here know how to notify Apple, I'll be glad to send the URL link. It starts with swcdn.apple.com/... and seems to be a legitimate link.
Shades of “Back Door”!
Are you sure you’re really connecting to swcdn.apple.com? DNS poisoning attacks are common these days. Do you have the actual IP address you connected to?
He’ll know a bit more about the Apple side
This can be a false alarm.
I don’t like to use the Apple update. I just download and re-run the whole iTunes installer. Once I did an update and the CD drive became inaccessible.
www.virustotal.com will scan any file against two dozen antivirus programs. When in doubt, use that.
False positive from AVG, I expect.
Here is what I get:
> swcdn.apple.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: swcdn.g.aaplimg.com
Address: 17.253.15.202
Aliases: swcdn.apple.com
swcdn.apple.com.akadns.net
I am using the Google public DNS servers, so that should be a clean lookup.
I’m sorry; I don’t understand your response. Is the address legit or not?
Good catch on the actual IP address. Could be a nasty redirect. The address looks like a valid Apple software CDN.
CD drive inaccessible?? Wow!
Are you saying I should delete my Apple programs for Windows and then download fresh directly from Apple?
swcdn.apple.com/content/downloads/17/00/031 ... /applesoftware.msi
If your computer is connecting to 17.253.15.202, then you are good. But is that where it is really connecting to? Do you get the same IP when you look up the address?
There are updates to iTunes available, but it should not have any viruses attached to it. It is a digitally signed software from Apple. That is a correct domain associated with Apple Canada. Are you in Canada? If not, you should not be downloading from there, but from a USA Apple source to get the right download file.
FBI/NSA getting even! : )
Thanks for the response. I’m located in southeastern New Mexico.
When I plugged in my iPhone that is the link address that popped up.
Do you believe I got a false positive with AVG (the program “secured” the link by blocking the URL from downloading)?
Do you recommend my uninstalling all Apple software* and reinstalling from the Apple location?
* Currently installed with today’s date -
Apple support application (32 bit)
Apple support application (64 bit)
Apple mobile device support
Apple software update
iTunes
Installed with January update:
Quicktime 7
Any suggestions appreciated.
That .MSI bothers me. MSI = Microsoft Installer. It is not a typical extension for Apple. I’d use any link I could find for Apple to share that information with them.
Just got a post from CedarDave. The rest of the string ended with .MSI. That indicates Microsoft installer. Not a good sign from an Apple site. I suggested he send the string to Apple.
I’m installing an iTunes update on a Win 7 machine. If not that type of extension, what should it be?
I am not too sure of the architecture, since I don’t use Apple products.
As I follow the conversation, he plugged an iPhone into a Windows computer and got what purported to be a software update from Apple. If this software update is for iTunes on a Windows PC, isn’t a .msi file what you would expect? I don’t see why plugging in an iPhone would activate a request to update Windows software, however.
Plugging in the iPhone activated a request to update the iTunes software for a PC.