Malware possibilities in jailbroken iPad 2 iOS 5.0.1

Yesterday I asked a question here: Anyone know about /private/var/keybags/backup_keys_cache.db

Today, after consulting a friend by email about this, I found another suspicious file:

AbiFathirs-iPad:~ root# ls /private/var/mobile/ -al
total 10256
drwxr-xr-x   7 mobile mobile      340 Feb 19 07:15 ./
drwxr-xr-x  30 root   wheel      1156 Feb 18 23:52 ../
-rw-------   1 mobile mobile     3738 Feb 19 07:15 .bash_history
-r--r--r--   1 mobile mobile       10 Oct  6 10:31 .forward
drwx------   2 mobile mobile      170 Feb 16 17:34 .ssh/
drwxr-xr-x 252 mobile mobile     8568 Feb 19 00:40 Applications/
drwxr-xr-x   3 root   mobile      102 Jan 26 15:26 Documents/
drwxr-xr-x  43 mobile mobile     1496 Feb 18 23:22 Library/
drwxr-x---  17 mobile mobile      612 Feb  1 11:30 Media/
-rw-r-----   1 root   mobile 10485760 Feb 19 07:15 log.0000000001

I moved the log file over to my Ubuntu machine, then tried to view the content of the file:

➜  Downloads  hd log.0000000001
00000000  00 00 00 00 1c 00 00 00  7e 04 55 18 88 09 04 00  |........~.U.....|
00000010  0d 00 00 00 00 00 a0 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00a00000

My friend recommended that I check the log. When I went to the log folder on my iPad, I found another suspicious file:

AbiFathirs-iPad:~ root# ls -al /private/var/log
total 448
drwxr-xr-x  7 root wheel    340 Jan 26 14:02 ./
drwxr-xr-x 30 root wheel   1156 Feb 18 23:52 ../
drwxr-xr-x  2 root wheel   3264 Feb 19 00:04 DiagnosticMessages/
drwxr-xr-x  2 root wheel    102 Jan 26 14:42 apt/
drwxr-xr-x  2 root wheel    102 Nov  3 09:47 asl/
-rw-r-----  1 root admin      0 Oct  6 10:31 kernel.log
-rw-r--r--  1 root wheel      0 Nov 19 00:00 notifyd.log
drwxr-xr-x  2 root wheel     68 Nov  3 11:01 ppp/
-rwx------  1 root wheel 457536 Jan 26 14:01 racoon.log*
drwxr-xr-x  2 root wheel     68 Nov  3 10:18 sa/

After transferring it to my Ubuntu machine:

➜  Downloads  file racoon.log
racoon.log: Mach-O executable acorn

I want to know whether those files also exist on other jailbroken iDevices or not.

Does anyone recognize this, or has anyone experienced a similar case on their jailbroken iDevice?

Update 20 Feb 2012

According to brittag on the modmyi forum, and bot47 below, racoon.log is a normal file that exists on a jailbroken iPad 2.

What is left now is that the process that created /private/var/keybags/backup_keys_cache.db is still unidentified and could still be active on my iPad.

Answers: 1

racoon.log comes from the iOS IPSec VPN client (see here). I don't know about the other files, but remember that there is currently no iOS malware in the wild.

Don't get me wrong, but digging in the iOS file tree will turn up a lot of such "suspicious" files.

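As an added example (not code from the original post or from either participant), here is a small Python triage script that does offline, with explicit Mach-O header parsing, the two checks the question does by hand with `hd` and `file`: whether a file is a Mach-O binary and for which CPU and file type, and whether it is a near-empty zero-filled blob like log.0000000001. Magic numbers and the header layout are from Apple's <mach-o/loader.h> and <mach-o/fat.h>. Both inputs are constructed samples; the second is modelled on the 24 header bytes shown in the hexdump above and padded to 1 MiB instead of the real file's 10 MiB. The "acorn" in the `file` output above is the label older magic databases used for Mach-O CPU type 12, i.e. ARM, which this script reports as "arm".

```python
"""Offline triage of files pulled off an iDevice: Mach-O header parsing plus
byte-frequency statistics.  Added example, not code from the original post."""
import math
import struct
import sys
from collections import Counter

# Magic numbers and header layout from Apple's <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE        # 32-bit header, file-order / byte-swapped
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE  # 64-bit header
FAT_MAGIC = 0xCAFEBABE                             # universal (fat) binary, always big-endian

CPU_TYPES = {7: "x86", 0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64"}
FILE_TYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE", 11: "MH_KEXT_BUNDLE"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for an all-zero blob, near 8.0 for packed or encrypted data."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_macho(data: bytes):
    """Decode the mach_header at offset 0, or return None if the magic is not Mach-O."""
    if len(data) < 28:  # sizeof(struct mach_header); the 64-bit header adds one reserved word
        return None
    le_magic = struct.unpack_from("<I", data, 0)[0]
    be_magic = struct.unpack_from(">I", data, 0)[0]
    if le_magic in (MH_MAGIC, MH_MAGIC_64):
        order, magic = "<", le_magic
    elif le_magic in (MH_CIGAM, MH_CIGAM_64):   # bytes are FE ED FA CE/CF: a big-endian header
        order, magic = ">", be_magic
    elif be_magic == FAT_MAGIC:
        return {"kind": "fat mach-o", "nfat_arch": struct.unpack_from(">I", data, 4)[0]}
    else:
        return None
    # struct mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = struct.unpack_from(order + "7I", data, 0)
    return {
        "kind": "mach-o",
        "bits": 64 if magic == MH_MAGIC_64 else 32,
        "byte_order": "little" if order == "<" else "big",
        "cpu": CPU_TYPES.get(cputype, hex(cputype)),
        "cpusubtype": cpusubtype,
        "filetype": FILE_TYPES.get(filetype, hex(filetype)),
        "ncmds": ncmds,
        "sizeofcmds": sizeofcmds,
        "flags": hex(flags),
    }


def identify(data: bytes) -> dict:
    """Header decode plus the two statistics that separate code from a preallocated, mostly empty file."""
    info = parse_macho(data) or {"kind": "unknown"}
    info["size"] = len(data)
    info["zero_fraction"] = data.count(0) / len(data) if data else 0.0
    info["entropy"] = round(entropy(data), 3)
    return info


# Constructed sample 1: a minimal little-endian 32-bit ARM (cpusubtype 9 = ARMv7) MH_EXECUTE header with
# no load commands, followed by some filler bytes.  Not a runnable binary, just a header to decode.
SAMPLE_MACHO = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 0, 0, 0) + bytes(range(0x10, 0x60))

# Constructed sample 2: modelled on the `hd` output for log.0000000001 in the question: the 24 header
# bytes shown there, then zeros.  Padded to 1 MiB here instead of the real file's 10 MiB (0x00a00000).
SAMPLE_LOG = bytes.fromhex("00000000 1c000000 7e045518 88090400 0d000000 0000a000").ljust(1 << 20, b"\x00")


if __name__ == "__main__":
    if len(sys.argv) > 1:   # triage real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, identify(fh.read()))
    else:                   # no arguments: run on the constructed samples
        print("sample_macho", identify(SAMPLE_MACHO))
        print("sample_log", identify(SAMPLE_LOG))
```

Run it with file paths (for example `python3 triage.py racoon.log log.0000000001`, script name assumed) to triage files copied off the device; without arguments it runs on the two constructed samples. For a real racoon.log it reports the CPU type, file type and load-command count of the binary, which is what one would then compare against the IPSec VPN client the answer names; for the 10 MiB log it shows a zero fraction close to 1 and near-zero entropy, i.e. a preallocated, mostly empty file rather than packed or encrypted code.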