+ Reply
Results 1 to 5 of 5

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: 2nd Worm hit Jailbroken iPhones

is a discussion within the

Member Written iPhone News

forums, a part of the

iPhone News

section;
Just read this from BBC news >>> New iPhone worm can act like botnet say experts A second worm to hit the iPhone has been unearthed by security company F-Secure.
...
  1. #1
    iPhone? More like MyPhone mixi92's Avatar
    Join Date
    Sep 2007
    Location
    US/RP
    Posts
    115
    Thanks
    12
    Thanked 32 Times in 25 Posts

    Default 2nd Worm hit Jailbroken iPhones
    Just read this from BBC news >>>

    New iPhone worm can act like botnet say experts

    A second worm to hit the iPhone has been unearthed by security company F-Secure.

    It is specifically targetting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING Direct.

    It redirects the bank's customers to a look-a-like site with a log-in screen.

    The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset.

    The handsets at risk also have SSH (secure shell) installed.

    SSH is a file-transfer program that enables users to remotely connect to their phones. It comes with a default password, "alpine" which should be changed.

    Users who have installed SSH and not changed the password are especially at risk.

    The new worm is more serious than the first because it can behave like a botnet, warns F-Secure.

    This enables the phone to be accessed or controlled remotely without the permission of its owner.

    'Clearly malicious'

    "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.

    "It's fairly isolated and specific to Netherlands but it is capable of spreading."

    He added although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot.

    A spokesperson for ING Direct said that a warning was going to be put on the bank's official website.

    "We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands."

    The first iPhone worm, called ikee, was harmless. Users with infected phones found their wallpaper replaced with a picture of 1980s popstar Rick Astley.

    It also targeted jail-broken phones which were SSH enabled.

    Its creator Ashley Towns said he wrote the ikee program in order to raise the issue of iPhone security.



    So, if your a Jailbroken iPhone owner, have installed SSH you can easily change your password. The instruction can be found on cydia, and is as follows;


    0: Install MobileTerminal Package
    MobileTerminal Package

    1: Run MobileTerminal

    This program will be on your SpringBoard are called "Terminal".

    2: Obtain Administrator Access

    Run "su root" and provide the root password. The default password as provided by Apple is "alpine".

    Here I also run "cd" only to shorten the otherwise very long prompt.
    iPhone:~ mobile$ su root
    Password:
    iPhone:/var/mobile root# cd
    iPhone:~ root#

    3: Change the root Password

    Run "passwd" and type in your new password twice. Please note that your keypresses will not be displayed on the terminal screen (for security).
    iPhone:~ root# passwd
    Changing password for root.
    New password:
    Retype new password:
    iPhone:~ root#

    4: Change the mobile Password

    This is the regular user account on the device. Run "passwd mobile" and repeat as directed above.
    iPhone:~ root# passwd mobile
    Changing password for mobile.
    New password:
    Retype new password:
    iPhone:~ root#

    5: Close MobileTerminal

    Congratulations! Your job is done!

    Sorry too long of a post.
    Be safe everyone and lets keep the community informed & safe as well.
    Last edited by mixi92; 11-23-2009 at 05:54 AM.

  2. The Following 2 Users Say Thank You to mixi92 For This Useful Post:

    allanes5 (11-24-2009), mahgninnuc93 (11-23-2009)

  3. #2
    Peanut Brain confucious's Avatar
    Join Date
    Oct 2008
    Location
    Woking
    Posts
    10,262
    Thanks
    139
    Thanked 911 Times in 827 Posts

    BBC News - New iPhone worm can act like botnet say experts

    Everyone should have changed their default p/word by now - if you haven't, do it now!
    He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.

  4. #3
    iPhone? More like MyPhone mahgninnuc93's Avatar
    Join Date
    Oct 2008
    Location
    Sacramento, Ca.
    Posts
    249
    Thanks
    29
    Thanked 10 Times in 10 Posts

    Thanks for the 411. Took me about 4 minutes to do the whole thing.

  5. #4
    What's Jailbreak?
    Join Date
    Jul 2009
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    mobile terminal crashes every time. I already reinstalled it several time.
    Do I need to worry if I do not have openSSH intalled?

  6. #5
    iPhone? More like MyPhone
    Join Date
    Nov 2008
    Posts
    291
    Thanks
    79
    Thanked 9 Times in 9 Posts

    Thanks

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts