Money Matters, Simplified.
'Duh' proves serious than "ikee" worm for iPhone users
by Jaspreet Virk - November 24, 2009 - comments
"Duh" scans IP addresses, and if it finds a jailbroken iPhone, it gets transferred onto the device and adds the iPhone to a mobile botnet
New York, November 24 -- November is proving tough for jailbroken iPhone users as another iPhone worm has been spotted running wild and targeting users in Australia, Netherlands, Portugal and Hungary.
Currently, there are three worms targeting jailbroken iPhones that have installed Unix software SSH (secure shell) with Apple's default root password "alpine" still in use.
The first worm dubbed ‘ikee’ changes the default wallpaper on the Iphone to the picture of Rick Astley, a British pop star who sang Never Gonna Give You Up", and displays a message saying “ikee is never going to give you up”.
Another dubbed ‘iPhone/Privacy.A’ allows the hacker to silently copy all personal information like e-mail, contacts, SMS messages, calendars and multimedia files.
The third worm, which has just been identified, not only collects all personal information but also directs Dutch bank customers to fake phishing sites.
“Duh” proves expensive for iPhone users
As anticipated by technology consultants, ikee has exposed the vulnerability of iPhones and more serious worms are out in the open, taking advantage of the default password used by the SSH Unix utility.
The latest worm dubbed "Duh" by U.K.-based security firm Sophos, is related to ikee in its approach but not code.
It changes the default “alpine” password to “ohshit" password, stated Chester Wisniewski, a senior security advisory with Sophos.
The worm scans IP addresses and if it finds a jailbroken iPhone, it gets transferred onto the device and adds the iPhone to a mobile botnet.
Further, it connects all attacked devices to a central server in Lithuania to send spams to be delivered to other devices. Another one of its tasks is to get hold of authentication code, used by customers while carrying out banking transactions.
Getting rid of worms
Jailbroken iPhone users can try the following methods to get rid of the worms. Users with iPhones infected with ikee worm can download Mobile Terminal app from Cydia on their devices.
Once you have installed it, reboot your iPhone. Then start MobileTerminal app and type the command 'passwd’. This will change your mobile password. To change root password, type ‘root’ and ‘alpine’ as the current root password.
Once you are logged in, type ‘passwd’ command again and press enter. Your device will ask you to enter new password twice (type all commands without quotes) and "ikee" will surely give up.
To get rid of second worm, users can use the anti-virus software on their computers. For users attacked with the third worm, there is no cure yet, but they should keep a back up, update and restore their devices.