
Malicious New iPhone Worm Attacks Jailbroken Phones

By Chad Berndtson, CRN
November 23, 2009    1:15 PM ET

A new worm targeting jailbroken iPhones is much more serious than previous iPhone worms seen this year. That's the word from experts who have been tracking the new worm since the weekend, describing it as "malicious" and dangerous to iPhone users in that it can phish for bank passcodes.

Observers say that while the iPhone worm only attacks jailbroken iPhones and iPod Touches, it uses command-and-control techniques like a PC botnet would and, when triggered, can redirect customers to a log-in screen for ING bank accounts and potentially steal passwords.

According to Sophos and other sources, the worm compromises the jailbroken iPhone, then replaces the phone's SSH remote login software, changes the root password and examines the iPhone's SMS database, then hunts for other vulnerable phones on the local network. The worm hunts jailbroken iPhones on a number of ISPs, including Australia's Optus, the Netherlands' UPC, and T-Mobile in several countries.

"It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server (HTTP) to upload stolen data and cede control to the bot master," wrote Sophos' Chester Wisniewski on a Sophos company blog Saturday.

Sophos and other security specialists picked up on reports from a Dutch ISP of a large amount of data traffic related to the worm. A translated post from a Dutch security blog, Secure.nl, posted to Slashdot and other news and news aggregator sites over the weekend, was the first to describe some of the worm's characteristics.

One way to spot the worm on an iPhone, according to Sophos, is an extremely low battery life -- the worm is said to drain battery life rapidly because it's doing so much network activity at once. Users with jailbroken iPhones affected by the worm should restore Apple firmware in iTunes, Sophos recommended, to wipe their phones clean.

The new worm comes on the heels of another recent Apple iPhone worm, which targeted jailbroken iPhones as well and "Rickrolled" them, posting a picture of British pop star Rick Astley to the iPhone's wallpaper.
