Jailbroken iPhones the target of new malicious worm - updated: new password revealed

Once again takes advantage of iPhones which have SSH installed and have not changed the default password

A new iPhone worm is on the loose and this time it has a sting in it’s tail – it’s malicious.

Security outfit F-Secure is reporting that it has picked up a sample of a malicious iPhone worm with botnet functionality, and like the Ikee worm, it only affects jailbroken iPhones which have SSH installed and have not changed the default password.

The company says the worm connects to a web-based command and control centre running at 92.61.38.16 in Lithuania.

“The worm is not widespread, but it is much more serious than the first iPhone worm as it seems to try to steal information from the devices,” the company reports on its security blog.

“We're working on full analysis and should have it available later.”

The new worm surfaces just weeks after the first iPhone worm, Ikee, emerged targeting Australian jailbroken iPhones changing users' phone wallpaper to an image of Rick Astley.

Email Computerworld or follow @computerworldau on Twitter.

Update: Sophos has reported that the worm, informally known as 'Duh', turns iPhones into zombies.

The company says Duh also changes the password on your iPhone editing the encrypted value of the password in the master password file, so that the new password is never revealed.

"If you're infected with this new iPhone virus, you really ought to say 'Duh', since you could so easily have prevented it by changing your password. You may also think 'ohshit' -- and if you do, the virus writers are having the last laugh, because that's the new root password,' Paul Ducklin, head of technology, Asia Pacific at Sophos.

Join the newsletter!

Error: Please check your email address.

Tags IkeeiPhonejailbreaking

More about F-SecureSophosSSH

Show Comments

Market Place