This is long, so I apolgoize, but it's been a long 24 hours and I wanted to get all of the information out first and avoid a bunch of questions and repllies... I'd dearly love an answer or some more things to try.
I am a former Sr. Unix Admin, IT Director who started out as a PC Technician. My first computer was a Timex Sinclair, so let's just say I'm technically inclined as a hobbyist and a professional.
While using my iPad recently I noticed that my google search results were going to the website askthecrew.net instead of the actual URL's listed. I recognized instantly that this was a Google Redirect Virus and yet it took my brain even longer to accept that it was now somehow on my original iPad with IOS 5. At first I thought, well, I didn't know what to think so I closed all of the tabs, rebooted the device and tried again. Same problem. Next I went and cleared my cache, history, etc and even disabled Safari, rebooted it, re-enabled Safari and tried again. Problem solv... You see, the redirect to askthecrew went away, but I noticed something happening that was weird...
Clicking on any google search result would now redirect to another site, creditpuma.com, and then very quickly go to the site I originally wanted to see.
I'm sure that this site collects my information, cookies... whatever it can grab really and then makes a nice profit selling it off to dishonest (and honest) marketing companies.
Let me stop here in my narrative and say that this iPad has never seen a jailbreak. It has never been exposed to anything unusual other than my own app development of an app that is currently in the store and does little more than pull RSS info. I has never been abducted by Russian hackers and when not used for my business, is used by a housewife who plays games, and occasionally shops online.
After an evening of backing up my data, taking my iPad to the Genius Bar at my local Apple store, searching the internet and trying to restore my iPad to factory settings - including deleting .ipsw file in iTunes (which forces a reinstall of IOS 5) - my device is still infected. It still redirects.
It is JavaScript based, because if I turn that off, the problem goes away, but that is not a solution is it?
And then, I tried my wife's iPhone 4, which has not been updated to IOS 5. It has the same exact problem, only that phone never experienced the 'askthecrew' redirect, it simply does the quick redirect to creditpuma and back to where it should be.
I checked my own phone, thinking, well maybe my internet is goofy. Yes, I know, this makes no sense, but I had to try and my iPhone 4 (IOS 5) and it works exactly as it should. No virus. No redirect. No issues at all. (I don't use Safari on my Mac, but Chrome worked fine, as did IE on my Laptop)
Here is the big fat scary - on the iPhone the address bar can often disappear before you even see where you are going. This virus could be on a lot of phones and nobody would notice it even if they were technically inclined . I went out of my way to look for it, and found it. Even if you can see the address bar (like on the iPad) it can happen so fast you don't even think about it - or assume it's just the website itself redirecting you to another page.
Further - I don't think this happened via an App. I use the iPad a few times a week and this virus was not there a week ago, and no common apps have been downloaded (or updated) between the iPad and iPhone.
The people at the Apple store can't help, the best advice I could find on the Internet was to remove the .ipsw file, and I'm not about to pay Apple $30 for phone support to help them fix a serious security flaw in their own OS, which would likely take them 3 months to fix with their current track record.
Still looking for solutions - and warning everyone - check your IOS devices for a Google Redirect Virus.
Nathaniel Beall - nathaniel athe barsmart dot com