Malicious Worm Takes Aim at Jailbroken iPhones

[Michael Essany]

There's a new worm on the radar. And, this time, it's a bit more nefarious than anything Rick Astley could have ever imagined himself.

The worm is the first malicious infestation to hit the iPhone, the first merely displaying a picture of 1980's crooner Rick Astley - although music lovers might claim that was pretty malicious as well.

According to a boatload of media outlets covering the news today, a second worm to hit the iPhone has been detected by security company F-Secure. And, says TG Daily, for now, the worm has set its sights on people in the Netherlands who use their iPhones for internet banking with Dutch online bank ING Direct.

In other words, this worm isn't just for "fun." There is an obvious financial motive behind this newly discovered attack.

The worm attacks jailbroken phones and sneakily redirects bank customers to a cloned, look-alike site prompting one to enter their username and password. Naturally, the bank is now frantically trying to get the word out to customers in a hurried fashion.

Unfortunately, it isn't yet clear just how many iPhones may be infected. Once thought to be merely in the hundreds, it's now more likely that the number has increased into the thousands. As warned by F-Secure, the aforementioned worm can recruit iPhones to a botnet and skip around among phones currently sharing the same wi-fi hotspot.

"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," says F-Secure research director Mikko Hyponen."It's fairly isolated and specific to Netherlands but it is capable of spreading."

For now, fending off the worm involves some pretty basic steps. For example, jailbroken phone owners are strongly encouraged to revise their SSH password from the default '"Alpine" to help evade the worm.

To help spread the word and not the worm, F-Secure is endeavoring to publish as many known details as possible of the worm. You can check out their official blog originating from Lithuania by clicking here.

Image via Mobile Castle

[madczech]

lucky I dont live in the netherlands!

[Imahottguy]

For the love of gawd! n00bs: Change your effing root password!!

@Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

[madczech]

For the love of gawd! n00bs: Change your effing root password!!

@Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

True that!

Or just uninstall openssh!!

[Michael Essany]

@Imahottguy Thanks! I've put in a link.

[mixi92]

For the love of gawd! n00bs: Change your effing root password!!

@Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

Got it on...see post...instruction also in cydia...

2nd Worm hit Jailbroken iPhones

@Imahottguy Thanks! I've put in a link.

Thanks Messany...hope everyone would change their password.

[CaptainChaos]

Yet another convincing piece of evidence that Apple can use against jailbreaking in the upcoming hearings. Great.

[jalexis4192]

Noob question, But this work if you dont have SSH installed? or is the root and alpine set by default as soon as you jailbreak?

[CaptainChaos]

If you don't have ssh installed then you don't have to worry about it. The benefits of having it though are why it will always be on my phone.

[chris4851]

It's as simple as this.... if you know how to and have Jailbroken your phone you SHOULD know how to change your root password. Pure laziness and it's there fault to get infected.

[jalexis4192]

If you don't have ssh installed then you don't have to worry about it. The benefits of having it though are why it will always be on my phone.

I know, but i just use it maybe once to get my theme on phone, and to get the tethering hack, after that, its pretty much useless to me, Since i dont switch themes every 5 seconds like some people do, dont use dTunes or anything either so yeah.

[CaptainChaos]

True, but if your phone gets stuck at the bootlogo and you don't have ssh then your only option is to restore.

[boxxa]

These aren't that complex of "Worms". Any basic programmer can write a walking script that simply:

1) Try SSH to IP
2) Login as root/alpine
3) Replace hosts file with bad one
4) Try SSH to next IP.

[tudtran]

MTF. leave other people **** alone.

[marko911]

TO ALL : Please just change the root password and thats it its not that hard just click on this link and it will show you step by step on how to do it ..

How To Change the iPhone’s Root Password | Just Another iPhone Blog

Dont forget to hitt the " thanks " if it helped you .

[bobsco]

Its simple to avoid. Just change the password from alpine to whatever you want. Issue resolved. I can't live without ssh so its a no brainer.

[nudge2232]

Has anyone had the thought that maybe Apple are behind these "attacks" to scare people away from jailbreaking?

[hancoma]

What is this, the 3rd 'worm' in as many weeks due to this issue?
I cannot believe this is still occurring. Seriously, once I used Cyberduck with SSH, that was the first thing I changed.

I think this is the result of a lot of people simply doing 'cool' things on their phone and do not really understand the ramifications of leaving ANY passwords in default...
I believe this will only get worse as JB becomes more mainstream.

WOW!!

[mr117]

Isn't it, really, "You are, Number 6"? Oops, I gave it all away.

You know, for us Mac-ies, there are other ways to access files. I use iFuntastic, I ain't 'fraid of no worm!

[n00neimp0rtant]

Oh, the SSH "hacker" sh!t again? Really? This is getting pretty old.