Broadband Tech > Security > Security > New Malicious iPhone Worm in the wild

New Malicious iPhone Worm in the wild

Doesn't seem to be a big deal or all that novel. Anyone who jailbreaks their phone will be smart enough to change the SSH password or turn SSH off all together. I looked at what appears to be the worm code, and it is nothing but a simple bash shell script.

reply to VikingBob
The Register has a good write-up here. VikingBob

Edit to add:
From: Wired Gadget Lab

quote:

---

A second iPhone worm is in the wild, and unlike the jokey Australian worm authored by hacker prankster Ikee two weeks ago, this one is dangerous.

Unlike Ikee’s hack, which merely rick-rolled owners of infected iPhones, the new Dutch variant targets customers of the bank ING. When triggered, the worm redirects users visiting the banking site to an address in Lithuania which shows a fake login screen for ING online banking. It is essentially a phishing attack run on compromised iPhones.

The panic that will inevitably spread from this story is unjustified. First, if you are a regular iPhone customer you are safe, even if you are in the Netherlands. This is because, like the Ikee hack before it, the new worm will only work on a jailbroken, or hacked iPhone. Further, you will have to explicitly install SSH remote access, and then you will have to leave the root password at its default, which is alpine.

If that means nothing to you, you don’t have any reason to worry. If that does mean something to you, shame on you! You should go change that password right now.

And don’t forget, you’ll also need to live in Holland and to be a customer of the ING bank for this to work. This could explain why this “security breach”, according to the BBC, has only affected a few people: “The number of infected phones was thought to be in the hundreds rather than thousands.” And how does it spread itself? “The worm could jump from phone to phone among owners using the same wi-fi hotspot.”

While we shouldn’t ignore the threat of malware to our increasingly powerful and connected mobile devices, neither should we panic. The news of a genuine iPhone-killing piece of software seems to be treated with the same glee as news of a virus for the Mac. Thankfully, none yet exist.

---

reply to VikingBob
The Dutch banc ING has put today a warning on its site:

»www.ing.nl/particulier/internetb···009.aspx

Quote in Dutch:

quote:

---

23 november: Let op: aanval gericht op gekraakte iPhone houders
Sinds dit weekeinde is een crimineel netwerk actief dat via de iPhone persoonlijke gegevens als TAN-codes kan achterhalen. De aanval is gericht op rekeninghouders van ING in Nederland die een gekraakte iPhone hebben en op die telefoon hun TAN-codes ontvangen.

---

reply to VikingBob
password advice sourced from here.
»www.theage.com.au/digital-life/i···e7t.html

"Ducklin advised all iPhone owners to change the root password on their phones from the default setting of "alpine".

Those already infected will find their root password has been changed to "ohshit". "

Didn't bother to read the other articles yet. No time.
--
Paradigm Shift beta test pilot. So far nothing to report.
Now is the not right time to stop folding.

reply to Jrb2