On CBS.com: Play Survivor Video Trivia Now
BNET Business Network:
BNET
TechRepublic
ZDNet

November 8th, 2009

Worm inflicts Rick Astley wallpaper on jailbroken iPhones

Posted by Adrian Kingsley-Hughes @ 2:20 pm

Categories: Apple, Security

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Adrian Kingsley-Hughes

The first worm targeting Apple’s iPhone is alive and spreading in the wild. But most iPhone owners need not worry about it.

The worm, known as Ikee, is as malware goes, pretty harmless in that all it does is change the lock screen wallpaper to a picture of 80’s signer Rick Astley before looking for other devices to infect. Users who try to un-Rickroll themselves by changing the wallpaper back to the one they want find that Astley is back when the iPhone restarts.

Note: The name comes from the message displayed on the wallpaper: “ikee is never going to give you up.

Most iPhones are safe from Ikee because the malicious code can only run on devices that have been jailbroken to allow it to run unofficial code. On top of that SSH (Secure Shell) must be installed and the password must be the default one - “alpine.

“Other inquisitive hackers may also be tempted to experiment once they read about the world’s first iPhone worm,” said Graham Cluley, a technology consultant with security vendor Sophos. “Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.” Right now there are four variants of Ikee, none of which are harmful.

There’s a fair bit of discussion on Ikee on the popular Australian forum Whirlpool.

As a side note, Cluley seems to have uncovered a fair bit of information on the person who wrote the worm. 

So far there are no reports of Ikee infection outside of Australia.

Bottom line, if you don’t know what you are doing, and understand the consequences of your actions, jailbreaking an iPhone isn’t something you should be doing. If you’ve got a jailbroken iPhone then you should change the root password as soon as possible.

Removing Ikee

Here are instructions on how to remove Ikee variants

Variants A, B and C

  • Remove: /bin/poc-bbot
  • Remove: /bin/sshpass
  • Remove: /var/log/youcanbeclosertogod.jpg
  • Remove: /var/mobile/LockBackground.jpg
  • Remove: /System/Library/LaunchDaemons/com.ikey.bbot.plist
  • Remove: /var/lock/bbot.lock
  • Reboot the iPhone, reinstall SSH and change the default root password

Variant D

  • Remove: /usr/libexec/cydia/startup
  • Remove: /usr/libexec/cydia/startup.so
  • Remove: /usr/libexec/cydia/startup-helper
  • Remove: /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
  • Reinstall Cydia from the terminal as follows:
        Su root
        alpine
        get-app remove cydia
        get-app install cydia
  • Reboot the iPhone and change the default root password

Adrian Kingsley-HughesAdrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor. See his full profile and disclosure of his industry affiliations

Want to get in touch? Got a tip? Feel free to drop me a note! I ALWAYS respect anonymity. I'm also on Twitter (@the_pc_doc)

Right to Reply: Should any industry representatives wish to comment on any posts on Hardware 2.0, I will be happy to publish their reply verbatim on this blog.

Subscribe to Hardware 2.0 via Email alerts or RSS.

  • Talkback
  • Most Recent of 29 Talkback(s)
It's not about specs.
Hi, macadam.

You said:

Apple and AT&T (in the USA) advertise the h311 out of the iPhone
including listing what it can (by default) do. If you want to do
something else, check to... (Read the rest)
Posted by: bhartman36 Posted on: 11/22/09 You are currently: a Guest | | Terms of Use
But... but... but... OS X is Unix! It is immune!  NonZealot | 11/08/09
@NonZealot  blackshroud | 11/08/09
Fail! please try again  zaphod778 | 11/08/09
Double fail  honeymonster | 11/09/09
You can't fight double standards  Viva la crank dodo | 11/09/09
You're wrong on at least two points  bhartman36 | 11/09/09
Ummm, interesting  mrjoctave@... | 11/10/09
"Illusion" is exactly the right word.  bhartman36 | 11/17/09
uummm, interesting  mrjoctave@... | 11/10/09
{YAWN}  macadam | 11/09/09
A few fallacies here.  bhartman36 | 11/09/09
It's a phone not a PC  macadam | 11/09/09
It's not about specs. *NEW*  bhartman36 | 11/22/09
I disagree *NEW*  oncall | 11/09/09
The Loverock Davidson of anti-Apple *NEW*  Viva la crank dodo | 11/09/09
AntiAppleZealot, AntiAppleZealot, AntiAppleZealot... *NEW*  athynz | 11/09/09
Um, no! *NEW*  mgp3 | 11/09/09
I have to admit I was wrong - and right... *NEW*  athynz | 11/10/09
May Your Micro$haft Windoze Mobile Phone Get Rickrolled, Zealot *NEW*  drprod@... | 11/09/09
But...But...But... *NEW*  OhKrud | 11/10/09
Then...then...then... *NEW*  athynz | 11/10/09
Epic Win *NEW*  NStalnecker | 11/09/09
Kind of funny?... *NEW*  lawryll@... | 11/09/09
1 more *NEW*  athynz | 11/10/09
happy *NEW*  TimmyB | 11/09/09
Ah - the good old days...  *NEW*  ejhonda | 11/09/09
Good lessons! *NEW*  macadam | 11/09/09
RE: Worm inflicts Rick Astley wallpaper on jailbroken iPhones *NEW*  athynz | 11/09/09
Can u believe it *NEW*  mrjoctave@... | 11/10/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement
Click Here

Recent Entries

advertisement

Archives

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here