Techtree News Staff, Nov 24, 2009 1408 hrs IST
Aims to steal the bank account information stored in the device
Recently, the first ever iPhone worm attacked jailbroken iPhones and messed around with the lock screen background. Now, a new worm attacking jailbroken iPhones and iPod Touch devices has been discovered by Security.nl folks. This worm changes the SSH (Secured Shell) password, connects to the creator via Wi-Fi and shares banking details from user’s device. Sophos Security Researcher Chester Wisniewski said that this worm is pretty harmful by nature.
Jailbroken iPhones and iPod Touch devices have been attacked again by the same exploit that was used by the “ike_x” worm creator. The new worm strikes only the jailbroken iPhone OS devices, leaving the rest safe. Worm configures itself to boot on the device startup and then connects it to a server via HTTP to upload the stolen data. F-Secure’s security researcher Mikko Hypponen points out that the worm connects to a web-based command and control center via IP – 92.61.38.16 which originates from Lithuania.
The worm changes device’s default password from “alpine” to “ohshit” and also assigns a unique ID for further investigation by the attacker. Mostly, users on large range of ISPs from Netherlands, Australia and other countries where T-Mobile serves have been infected. The infection spreads quickly through Wi-Fi than through the 3G networks.
Those using jailbroken iPhones can install MobileTerminal App from the Cydia package manager and change the password. Below are the steps to change the password for jailbroken iPhones and iPod Touch Devices:
-Open Cydia, download MobileTerminal App and once done, run the app.
-Type command su root and hit enter (Return key).
-When prompted for password type alpine and hit enter (Return key).
-Then type passwd and hit enter (Return key).
-Type in a new password twice and secure your device from future SSH based attacks.
Other route is to restore the iPhone or iPod Touch with latest official firmware offered by Apple through iTunes. The new worm is not like the ikee worm which Rickrolls your device and annoys you with funny images. Instead, it aims to steal the bank account information stored on your iPhone or iPod Touch devices. Security experts state that this new worm can act like a botnet and do a major harm.
However, it should be noted that even non-jailbroken iPhones may get infected if they’re connected to the same Wi-Fi network to which infected jailbroken iPhone connects. At this moment, no method exists to know if non-jailbroken iPhones get infected with this virus or not.
http://www.techtree.com/India/News/Jailbroken_iPhones_Stormed_with_New_Worm/551-107679-582.html
Chandler Municipal Airport, AZ
Original Pembo is Offline : Last seen 09/02/10 playing Xbox.com