  • Malicious Worm Takes Aim at Jailbroken iPhones



    There's a new worm on the radar. And, this time, it's a bit more nefarious than anything Rick Astley could have ever imagined himself.

    The worm is the first malicious infestation to hit the iPhone; the first iPhone worm merely displayed a picture of 1980s crooner Rick Astley, although music lovers might claim that was pretty malicious as well.
    According to a boatload of media outlets covering the news today, a second worm to hit the iPhone has been detected by security company F-Secure. And, says TG Daily, for now, the worm has set its sights on people in the Netherlands who use their iPhones for internet banking with Dutch online bank ING Direct.

    In other words, this worm isn't just for "fun." There is an obvious financial motive behind this newly discovered attack.

    The worm attacks jailbroken phones and sneakily redirects bank customers to a cloned, look-alike site prompting one to enter their username and password. Naturally, the bank is now frantically trying to get the word out to customers in a hurried fashion.

    Unfortunately, it isn't yet clear just how many iPhones may be infected. Once thought to be merely in the hundreds, it's now more likely that the number has increased into the thousands. As warned by F-Secure, the aforementioned worm can recruit iPhones to a botnet and skip around among phones currently sharing the same Wi-Fi hotspot.

    "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," says F-Secure research director Mikko Hyppönen. "It's fairly isolated and specific to Netherlands but it is capable of spreading."

    For now, fending off the worm involves some pretty basic steps. For example, jailbroken phone owners are strongly encouraged to change their SSH password from the default "alpine" to help evade the worm.

    To help spread the word and not the worm, F-Secure is endeavoring to publish as many known details as possible of the worm. You can check out their official blog originating from Lithuania by clicking here.

    Image via Mobile Castle
    This article was originally published in forum thread: Malicious Worm Takes Aim at Jailbroken iPhones, started by Michael Essany.
    56 Comments
    1. madczech -
      Lucky I don't live in the Netherlands!
    1. Imahottguy -
      For the love of gawd! n00bs: Change your effing root password!!

      @Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
    1. madczech -
      Quote Originally Posted by Imahottguy
      For the love of gawd! n00bs: Change your effing root password!!

      @Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
      True that!

      Or just uninstall openssh!!
    1. Michael Essany -
      @Imahottguy Thanks! I've put in a link.
    1. mixi92 -
      Quote Originally Posted by Imahottguy
      For the love of gawd! n00bs: Change your effing root password!!

      @Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
      Got it on...see post...instruction also in cydia...

      2nd Worm hit Jailbroken iPhones

      Quote Originally Posted by Messany
      @Imahottguy Thanks! I've put in a link.
      Thanks Messany...hope everyone would change their password.
    1. CaptainChaos -
      Yet another convincing piece of evidence that Apple can use against jailbreaking in the upcoming hearings. Great.
    1. jalexis4192 -
      Noob question, but does this work if you don't have SSH installed? Or is the root and alpine set by default as soon as you jailbreak?
    1. CaptainChaos -
      If you don't have ssh installed then you don't have to worry about it. The benefits of having it though are why it will always be on my phone.
    1. chris4851 -
      It's as simple as this.... if you know how to and have jailbroken your phone you SHOULD know how to change your root password. Pure laziness and it's their fault to get infected.
    1. jalexis4192 -
      Quote Originally Posted by CaptainChaos
      If you don't have ssh installed then you don't have to worry about it. The benefits of having it though are why it will always be on my phone.
      I know, but I just use it maybe once to get my theme on phone, and to get the tethering hack; after that, it's pretty much useless to me, since I don't switch themes every 5 seconds like some people do, don't use dTunes or anything either, so yeah.
    1. CaptainChaos -
      True, but if your phone gets stuck at the bootlogo and you don't have ssh then your only option is to restore.
    1. boxxa -
      These aren't that complex of "Worms". Any basic programmer can write a walking script that simply:

      1) Try SSH to IP
      2) Login as root/alpine
      3) Replace hosts file with bad one
      4) Try SSH to next IP.
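
A defensive check for the redirection described in the article and in the comment above, as an added example that is not part of the original thread: it audits a hosts file copied from a device and flags every mapping outside an assumed stock baseline. The baseline entries, the function names, and the sample domains and address are assumptions constructed for illustration.

```python
import ipaddress

# Assumed stock entries (macOS-style default hosts file); adjust to your own baseline.
BASELINE = {("127.0.0.1", "localhost"), ("255.255.255.255", "broadcasthost"),
            ("::1", "localhost"), ("fe80::1", "localhost")}

def parse_hosts(text):
    """Yield (line_no, address, names) for every mapping line, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=()):
    """Return (line_no, address, name, severity) for each entry outside BASELINE."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.extend((line_no, ip, n, "invalid-address") for n in names)
            continue
        for name in names:
            if (str(addr), name) in BASELINE:
                continue
            if any(name == w or name.endswith("." + w) for w in watched):
                severity = "high"      # a watched (e.g. banking) name is pinned locally
            elif addr.is_loopback or addr.is_unspecified:
                severity = "low"       # sinkhole-style entry, typical of ad blockers
            else:
                severity = "medium"    # some other name forced to a fixed address
            findings.append((line_no, str(addr), name, severity))
    return findings

# Constructed samples: example domains and a documentation-range address only.
CLEAN_HOSTS = """\
127.0.0.1\tlocalhost
255.255.255.255\tbroadcasthost
::1             localhost
fe80::1%lo0\tlocalhost
"""
TAMPERED_HOSTS = CLEAN_HOSTS + """\
203.0.113.10 bank.example www.bank.example   # not in baseline
0.0.0.0 ads.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED_HOSTS, watched=("bank.example",)):
        print(finding)
```

Any "high" or "medium" finding on a device that ran SSH with the default password is a reason to restore the device and change the password before using it for banking again.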
    1. tudtran -
      MTF. leave other people **** alone.
    1. marko911 -
      TO ALL: Please just change the root password and that's it. It's not that hard; just click on this link and it will show you step by step how to do it.

      How To Change the iPhone’s Root Password | Just Another iPhone Blog

      Don't forget to hit "thanks" if it helped you.
    1. bobsco -
      It's simple to avoid. Just change the password from alpine to whatever you want. Issue resolved. I can't live without ssh so it's a no-brainer.
    1. nudge2232 -
      Has anyone had the thought that maybe Apple are behind these "attacks" to scare people away from jailbreaking?
    1. hancoma -
      What is this, the 3rd 'worm' in as many weeks due to this issue?
      I cannot believe this is still occurring. Seriously, once I used Cyberduck with SSH, that was the first thing I changed.

      I think this is the result of a lot of people simply doing 'cool' things on their phone and do not really understand the ramifications of leaving ANY passwords in default...
      I believe this will only get worse as JB becomes more mainstream.

      WOW!!
    1. mr117 -
      Isn't it, really, "You are, Number 6"? Oops, I gave it all away.

      You know, for us Mac-ies, there are other ways to access files. I use iFuntastic, I ain't 'fraid of no worm!
    1. n00neimp0rtant -
      Oh, the SSH "hacker" sh!t again? Really? This is getting pretty old.
    1. z28kid -
      Even I have changed my password. I am a first time jb'er and this is not that hard people. If you keep ssh on all the time bad things are gunna happen