The website used to infect engineers at Facebook with espionage malware has been identified as an iPhone developer forum by people close to the investigation into the hacking incident.

That page, at the iPhone developer website iphonedevsdk.com, was used to expose visitors to a previously undocumented vulnerability in Oracle's Java browser plugin. The "zero-day" exploit allowed the attackers to install a collection of malware on the Java-enabled computers of those who visited the site. Ars readers shouldn't visit the site because it still may still be compromised.

iphonedevsdk.com is an example of a "watering hole" attack. These attacks compromise a site popular with a population of desired hacking victims, using security vulnerabilities to install code on the Web server hosting it, which injects attacks into the HTML sent to its visitors. In this case, the site, which hosts a Web forum for iPhone developers, netted the hackers access to the computers of software engineers and developers working on mobile application projects for a number of companies, including Facebook. The exploit was the source of the attack on Twitter that led to the theft of Twitter usernames and passwords, according to a source familiar with the attack, and was used to infect computers belonging to Apple engineers. The source requested anonymity because he was not authorized to provide the details to the press.

While Facebook and a third party working with the company "sinkholed" the command and control server that was communicating with malware installed by the Java zero-day exploit, the site may still be a source of attacks using other exploits. Mobile developers who have used the forum in the last few months should check their systems for signs of malware.