Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
11-25-2009, 02:53 AM #1
Got Worms? How to Clean your Infected iPhone
Recently we covered an article about the new iPhone worm that has been going around which affects users with OpenSSH installed and have not changed the default password. It started off innocent and escalated to something more threatening.
While there is of course the ability to change your password, some of you might not be so lucky and worms could be crawling your iPhone. Do not fret, as today I bring you some options for cleaning your iPhone. While not all of these options will bring you success, at least you'll know what your options are.
You'll need to download a copy of MobileTerminal from Cydia before hand, so if you don't already have that, go grab it now.
There are three worms currently going around, and of course lucky for us, each one requires a different fix.
Open MobileTerminal and use these commands to delete the unwanted files. These commands are case-sensitive.
1. The ikee/Rick Astley worm
This crude worm is non-threatening but unfortunately very ugly to look at.
In order to fix this ridiculous worm, we'll need to start up MobileTerminal and get into the root account directory. You will be required to enter a password. If you haven't changed it yet, the password is "alpine." Enter the following into MobileTerminal pressing enter after each command.
2. iPhone/Privacy A:
This bad boy likes to grab your personal information and send it to whomever it wishes
Slimy one this one is. In order to remove this stinky worm, you'll need to use an AntiVirus program. Intego's VirusBarrier X5 works great on the Mac and will catch it no problem. Unfortunately those on a PC don't get any useful tips on what virus program will detect this, but if you know, feel free to share your tip!
Of course you could also do a restore and that would solve your problem, but doing so you may lose personal information. Of course if you go this route, and install OpenSSH again, please for the love of god change your password.
3. The Third Worm (Insert Snappy Virus Name):
This one is a bit more rare and pertains more to your location.
It copies personal data from your iPhone and also redirects online banking customers of a Dutch bank to a phishing web site.
Unfortunately I have no good news for you if your looking for a quick fix on this one. You'll need to do a full restore to remove this pesky bugger. And of course the same applies, if you Jailbreak again, please for the love of god change your password!
UPDATE: A user in the replies has noted the following:
I read somewhere a couple of days ago (you'd have to google for it to confirm this) that the worm that redirects you to a fake bank website also changes your root password to "ohsh1t" (but the 1 is really an i, you get the idea). I don't know if this is the worm you have, but I'm just trying to help out...
Thanks to iSmashiPhone for the de-worming tips.
Check out our previous coverage on these Worms:
Malicious Worm Takes Aim at Jailbroken iPhones
Malware Allows Access to Jailbroken iPhones
Aussie Worm Rickrolls Jailbroken iPhones
Last edited by Nick Hesson; 11-25-2009 at 04:27 PM.
The Following User Says Thank You to Nick Hesson For This Useful Post:
11-25-2009, 03:03 AM #2
could you not install the 'iphone firewall' i forgot the name on cyida, and block all outgoing connections lol???
surely this would stop the worm in its tracks
Like A Boss
11-25-2009, 03:13 AM #3
11-25-2009, 03:54 AM #4
How do I change my password? I just got the Iphone and a buddy set up everything for me(blackrain, cydia, *********, etc)
jus found it in the forums but whats the old password?
OOps. I got it. Didnt see it above. Great forum
Last edited by dklst; 11-25-2009 at 03:54 AM. Reason: Automerged Doublepost
11-25-2009, 04:01 AM #5
11-25-2009, 04:47 AM #6
what i want to know is how can i tell if i have the 2nd and 3rd worm?
the first one is pretty easy to detect - but those two...
11-25-2009, 06:52 AM #7
can i get that worm i didn't install that open SSH?
11-25-2009, 07:16 AM #8
11-25-2009, 08:03 AM #9
how do you change the default password? This increase in malicious software is starting to freak me out. I hate restoring my phone.
11-25-2009, 08:59 AM #10
11-25-2009, 09:12 AM #11
no, its alpine, not apline
11-25-2009, 09:36 AM #12
thank goodness i've already changed my password. It's the first thing i did after installing it!
11-25-2009, 09:41 AM #13
i was talking to nickhesson
11-25-2009, 09:43 AM #14
How do you change your password?
11-25-2009, 09:46 AM #15
look at the article up page
11-25-2009, 09:49 AM #16
Alright after I logged in I went up to preferences and made a Master Password, was that what I was supposed to do? I don't like having to enter the master pass every time I want to login, there's no option to save the pass - it's like a password overtop of the alpine password, so alpine isn't changed. Every time I type in anything other than alpine in that slot, it says it needs a pre-authenticated password.
11-25-2009, 09:52 AM #17
i dont really know how to do all this stuff. besides, these worms aren't in the usa, only around europe.
11-25-2009, 09:54 AM #18
Has anyone created an app to change your passwords? I know the terminal and commands are not the complex to do, but still. Easy is Easy.
11-25-2009, 11:57 AM #19
11-25-2009, 12:47 PM #20
to change root password:
* install and run "Mobile Terminal"
* type su root at the shell prompt and tap enter
* type passwd and tap enter
* enter alpine for your old password
* enter new password
* enter new password again to confirm