
November 23rd, 2009

New iPhone worm found in the wild

Posted by Jason D. O'Grady @ 9:27 am

Categories: Jailbreak, Malware, Security, Vulnerability, Worm, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Viruses And Worms, Security, Jason D. O'Grady

On November 2 a hacker was able to identify jailbroken iPhones running SSH on T-Mobile’s Netherlands network via port scanning and used the vulnerability to change the wallpaper to display a message that demanded a 5 Euro ransom.

On November 7 another piece of malware, dubbed ikee, “rickrolled” compromised iPhones by changing the wallpaper to a picture of Rick Astley (pictured).

Today a new, more nefarious worm that attacks jailbroken iPhone and iPod Touch devices has been discovered. According to Sophos this latest iPhone worm was discovered when a Dutch ISP reported unusual amounts of data traffic. Slashdot posted a link to a translation of a Dutch security blog post with more details.

There are some significant differences from the 5 Euro scam, the most notable of which is that this worm uses command-and-control like a traditional PC botnet. It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server (HTTP) to upload stolen data and cede control to the bot master.

Security.nl reports that the new worm changes the SSH root password, making it more difficult to stop.

This worm attacks IP ranges from a larger range of ISPs, including UPC (Netherlands), Optus (Australia), and T-Mobile (Many). When an infected device is hooked up to a WiFi connection, the worm can spread more quickly to more IP addresses than on a typical 3G connection.

It’s difficult to tell if your iPhone has been compromised, but one symptom is that battery life becomes very, very short when the device is connected to WiFi, because the worm is generating so much network activity. The recommended method to remove this malware from your iPhone is to restore the Apple factory firmware using iTunes.

If you’ve jailbroken your phone and are running SSH, change the default password.
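The worm spreads by sweeping ISP address ranges for devices with SSH open, which is the kind of traffic the Dutch ISP noticed. The following is an added example, not part of the original article: it flags sources that contact an unusual number of distinct hosts on TCP port 22 within a short window. The flow-record layout, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SSH_PORT = 22

def find_ssh_scanners(flows, window=60, min_targets=20):
    """Return {src: peak count of distinct SSH destinations in any `window` seconds}
    for sources whose peak reaches `min_targets`. `flows` is an iterable of
    (timestamp, src, dst, dst_port) tuples sorted by timestamp (assumed layout)."""
    recent = defaultdict(deque)                      # src -> (ts, dst) inside window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits inside window
    peak = defaultdict(int)
    for ts, src, dst, port in flows:
        if port != SSH_PORT:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        # Expire records that have fallen out of the sliding window.
        while q and q[0][0] <= ts - window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {s: n for s, n in peak.items() if n >= min_targets}

def constructed_flows():
    """Constructed sample data using documentation address ranges, not real traffic."""
    flows = []
    # Handset sweeping a range for SSH: 40 distinct targets in 40 seconds.
    flows += [(1000 + i, "198.51.100.7", f"192.0.2.{i + 1}", 22) for i in range(40)]
    # Administrator reconnecting to the same three SSH servers.
    flows += [(1000 + 10 * i, "198.51.100.20", f"203.0.113.{i % 3 + 1}", 22)
              for i in range(30)]
    # Busy web client: many destinations, but none on port 22.
    flows += [(1000 + i, "198.51.100.30", f"192.0.2.{i + 1}", 80) for i in range(40)]
    # Occasional SSH user: 25 servers, ten minutes apart, never many at once.
    flows += [(1000 + 600 * i, "198.51.100.40", f"203.0.113.{i + 10}", 22)
              for i in range(25)]
    return sorted(flows)

if __name__ == "__main__":
    for src, n in find_ssh_scanners(constructed_flows()).items():
        print(f"{src}: {n} distinct SSH targets within 60s")
```

Counting distinct destinations inside a sliding window, rather than total connections, keeps an administrator who reconnects to a few servers and a user who reaches many servers over several hours below the threshold.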

Jason D. O'Grady is the editor of PowerPage.org, which has been publishing daily mobile technology news since December 1995.


Most Recent of 40 Talkback(s)

This is a technical issue; righteousness optional

Your ethical expectations are out of touch with reality, but I will give you the benefit of the doubt that it wasn't ownership of a Mac product that caused it.

The issue here is, as ever will b...

Posted by: n.ang Posted on: 11/30/09
