  • Malicious Worm Takes Aim at Jailbroken iPhones



    There's a new worm on the radar. And, this time, it's a bit more nefarious than anything Rick Astley could have ever imagined himself.

    The worm is the first malicious infestation to hit the iPhone; the first iPhone worm merely displayed a picture of 1980s crooner Rick Astley, although music lovers might claim that was pretty malicious as well.
    According to a boatload of media outlets covering the news today, a second worm to hit the iPhone has been detected by security company F-Secure. And, says TG Daily, for now, the worm has set its sights on people in the Netherlands who use their iPhones for internet banking with Dutch online bank ING Direct.

    In other words, this worm isn't just for "fun." There is an obvious financial motive behind this newly discovered attack.

    The worm attacks jailbroken phones and sneakily redirects bank customers to a cloned, look-alike site that prompts them to enter their username and password. Naturally, the bank is now frantically trying to get the word out to customers.

    Unfortunately, it isn't yet clear just how many iPhones may be infected. Once thought to be merely in the hundreds, it's now more likely that the number has increased into the thousands. As warned by F-Secure, the aforementioned worm can recruit iPhones to a botnet and skip around among phones currently sharing the same Wi-Fi hotspot.

    "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," says F-Secure research director Mikko Hypponen. "It's fairly isolated and specific to Netherlands but it is capable of spreading."
    For now, fending off the worm involves some pretty basic steps. For example, jailbroken phone owners are strongly encouraged to change their SSH password from the default "alpine" to help evade the worm.

    To help spread the word and not the worm, F-Secure is endeavoring to publish as many known details as possible of the worm. You can check out their official blog originating from Lithuania by clicking here.

    This article was originally published in forum thread: Malicious Worm Takes Aim at Jailbroken iPhones, started by Michael Essany.
    56 Comments
    1. ecd5000 -
      ok changing the PW seems too hard, then download some toggles and keep ssh off if you're not using it. love how this is the 3rd topic on this type of thing and people still seem to have issues with it, they don't deserve to have an iphone
    1. hancoma -
      Quote Originally Posted by aekhamsouk View Post
      how come these carriers don't protect their customers and their own network by locking down these ports and protocols? duh!
      The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

      Phones not jailbroken will not and cannot be exploited with this 'worm.'
    1. Cer0 -
      Quote Originally Posted by hancoma View Post
      The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

      Phones not jailbroken will not and cannot be exploited with this 'worm.'
      I think he was meaning they block the ports used to SSH in. I thought I saw that ATT blocked port 22.

      I just saw a story on MSNBC on this and laughed because of this:

      For example, Apple prevents users from switching service providers to unauthorized carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorized programs covering areas including Internet phone calls, WiFi access and pornography.

      Really lol. Didn't know we couldn't get porn without being jailbroken.
    1. KartRacer -
      Quote Originally Posted by Imahottguy View Post
      You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
      Actually they need the TV to fall on their head, so to speak.
    1. kugi_igi -
      another "worm" issue again, maybe started by Apple again
    1. matthew1111 -
      Jailbreak programs should now come w/ instructions on how to change your default pass alpine!
    1. awesomeSlayer -
      More worms? Can't these hackers just leave the iPhone and iPod touch alone?
    1. smuggler -
      is the worm just affecting jailbroken iphones running openssh? the article doesn't really explain in great detail as to how an iphone is vulnerable to the attack
    1. blkcadi -
      ^ yes, actually I was reading on another forum today and a guy had posted screenies of his virus infested phone. This is for real people. Take heed.
    1. 1hihum -
      Quote Originally Posted by KartRacer View Post
      Actually they need the TV to fall on their head, so to speak.
      Way to contribute guys. It must be nice to have never been a noob yourselves. I now know who to go to whenever I don't have an answer.



      Where's the Bull$!t smiley when i need it.
    1. szr -
      Another thing one can do to protect oneself (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncomment/change the 'Port' setting.

      By default an SSH server usually listens on tcp port 22, but you can change that to, say,
      Code:
      Port 522
      The reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.
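
Added example (not part of szr's post or the original article): a small Python audit of sshd_config text for the settings named in this thread. The sample configs are constructed, and the values assumed for absent keywords (port 22, password and root logins allowed) are assumptions matching older OpenSSH defaults; a port change is reported as informational only, because it avoids port-22 scans without removing password logins.

```python
# Added example: audit sshd_config text for the settings discussed in this thread.
# Assumed effective values when a keyword is absent (older OpenSSH defaults).
DEFAULTS = {"port": "22", "passwordauthentication": "yes", "permitrootlogin": "yes"}

def parse_sshd_config(text):
    """Return the global settings sshd would apply from this config text."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "#Port 22" leaves the default in force
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are outside this global audit
        if not args:
            continue
        if key == "port":
            ports.append(args[0])  # Port may be given more than once
        else:
            settings.setdefault(key, args[0].lower())  # first value wins
    settings["port"] = ports or [DEFAULTS["port"]]
    for key in ("passwordauthentication", "permitrootlogin"):
        settings.setdefault(key, DEFAULTS[key])
    return settings

def audit(text):
    """Return (severity, message) findings, most serious first."""
    s = parse_sshd_config(text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append(("HIGH", "password logins accepted: a default password is enough to get in"))
    if s["permitrootlogin"] == "yes":
        findings.append(("MEDIUM", "root logins are permitted"))
    if "22" in s["port"]:
        findings.append(("INFO", "listening on port 22: moving it only avoids port-22 scans"))
    return findings

# Constructed samples, not taken from a real device.
STOCK = "#Port 22\n#PasswordAuthentication yes\nPermitRootLogin yes\n"
PORT_ONLY = "Port 522\n"
HARDENED = "Port 522\nPasswordAuthentication no\nPermitRootLogin without-password\n"

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("port only", PORT_ONLY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
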
    1. Cer0 -
      Quote Originally Posted by szr View Post
      Another thing one can do to protect oneself (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncomment/change the 'Port' setting.

      By default an SSH server usually listens on tcp port 22, but you can change that to, say,
      Code:
      Port 522
      The reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.
      Thank you I was wondering this the other day; just changing the port to a different one.
    1. mwo2616 -
      Quote Originally Posted by madczech View Post
      True that!

      Or just uninstall openssh!!


      Already done that!
    1. ifonemaniac -
      Quote Originally Posted by Risingstar View Post
      willing to bet any money that Apple is making these bugs.
      Please don't get rota started... :-p J/k rota much love
    1. xwinger -
      too bad my iphone is broken
    1. Eiswritsat -
      this is what showed up on her first gen iphone last night, her phone is unlocked and the ssh password was changed from alpine over a month ago...crazy right. I'm glad mine is ok, so i had to do another restore for her at like 12:30