
iPhone Worm Hits Australia


News

Nov 10, 2009, 12:30:06 PM
First iPhone Worm Hits Australia


By: Brian Prince
2009-11-09

The first known worm for Apple's iPhone is spreading on jail-broken
iPhones in Australia. The worm takes advantage of the default password
for SSH used by many jail-broken phones and places an image of 1980s pop
singer Rick Astley on the device.

The first known worm for the Apple iPhone is sweeping across Australia,
and it is taking advantage of default SSH passwords on jail-broken phones.

The attack vector is the same as the one exploited by a Dutch teenager
last week in a brief extortion attempt. This time around, the mind
behind the attack isn't doing anything bad -- unless you don't like having
English pop singer Rick Astley as your wallpaper.

Once installed, the worm -- known as ikee -- tries to find other iPhones on
the mobile phone network that are vulnerable so it can propagate. On
each installation, the worm changes the lock background wallpaper to an
image of the 1980s singer with the message: "ikee is never going to give
you up."

"Ashley Towns, the author of the worm, says he personally infected 100
jail-broken iPhones," said Graham Cluley, senior technology consultant
at Sophos. "Those iPhones would then have tried to infect other
jail-broken iPhones, and so on, and so on."

The jail-broken iPhones impacted by the worm are running an SSH with the
iPhone's default password. Last week, news reports surfaced that a Dutch
attacker used the same situation in combination with port scanning and
OS fingerprinting to find iPhones in T-Mobile's 3G IP range to install
backdoors on the phones and scare users into paying €5 (US$7.43) for
instructions on how to thwart the attack.

Security vendor F-Secure reported that the latest attack scans a handful
of IP ranges, mostly in Australia. As of Sunday, the company had no
confirmed reports of the worm outside of Australia. The company noted
that there are four variants of the worm, and that Towns has provided
full source code for the malware. That means more variants could be
forthcoming, and both Cluley and F-Secure agreed the next payload could
be worse.

"We can only hold our breath and hope it doesn't happen," Cluley said.
"Unfortunately the genie is out of the bottle as the worm's code has
been published on the Web. It would be relatively trivial for malicious
hackers to adapt the code to make the worm more financially motivated
rather than mischievous."

Adrian C

Nov 10, 2009, 12:56:18 PM
News wrote:

> The first known worm for Apple's iPhone is spreading on jail-broken
> iPhones in Australia. The worm takes advantage of the default password
> for SSH used by many jail-broken phones and places an image of 1980s pop
> singer Rick Astley on the device.

Superb.

--
Adrian C

Message has been deleted

Per Rønne

Nov 10, 2009, 1:25:55 PM
News <Ne...@Group.Name> wrote:

> The first known worm for Apple's iPhone is spreading on jail-broken
> iPhones in Australia.

Moral: Don't jail-break your iPhone :-).
--
Per Erik Rønne
http://www.RQNNE.dk
Errare humanum est, sed in errore perseverare turpe

nospam

Nov 10, 2009, 1:39:57 PM
In article <michelle-37B260...@news.eternal-september.org>,
Michelle Steiner <mich...@michelle.org> wrote:

> To get infected you must
> 1. jailbreak the phone
> 2. use SSH

more accurately, install sshd and enable incoming connections.

you can use ssh (outbound) and not be at risk, and you don't even need
to jailbreak to do that.

> 3. not change the password

nospam

Nov 10, 2009, 1:40:57 PM
In article <1j8zcge.bx0qf08yfvv2N%p...@RQNNE.invalid>, Per Rønne
<p...@RQNNE.invalid> wrote:

> > The first known worm for Apple's iPhone is spreading on jail-broken
> > iPhones in Australia.
>
> Moral: Don't jail-break your iPhone :-).

it's not jailbreaking that's the issue, it's ssh that is left open with
a known password. either don't install ssh or change the password.

Mike

Nov 10, 2009, 2:45:23 PM
News wrote:

> "We can only hold our breath and hope it doesn't happen," Cluley said.
> "Unfortunately the genie is out of the bottle as the worm's code has
> been published on the Web. It would be relatively trivial for malicious
> hackers to adapt the code to make the worm more financially motivated
> rather than mischievous."

What could possibly be worse than putting a picture of Rick Astley on
your phone, they haven't got a pic of Larry have they?!!

Mike

Your Name

Nov 10, 2009, 2:52:27 PM

"Mike" <mikelovescham...@googlemail.com> wrote in message
news:hdcfrp$n80$1...@news.eternal-september.org...
> News wrote:
>
> > "We can only hold our breath and hope it doesn't happen," Cluley said.
> > "Unfortunately the genie is out of the bottle as the worm's code has
> > been published on the Web. It would be relatively trivial for malicious
> > hackers to adapt the code to make the worm more financially motivated
> > rather than mischievous."
>
> What could possibly be worse than putting a picture of Rick Astley on
> your phone, they haven't got a pic of Larry have they?!!

Nope, but there's another worm called "Larry" that does turn all your
incoming messages into gibberish, lies, misinformation and nonsense. ;-)

Adrian C

Nov 10, 2009, 2:53:06 PM
Michelle Steiner wrote:
> In article <7ltnreF...@mid.individual.net>,
> To get infected you must
> 1. jailbreak the phone
> 2. use SSH
> 3. not change the password
>

So one of these won't work then ...

http://www.youtube.com/watch?v=YzaNXBXuFPA

(sorry)

--
Adrian C

Mike

Nov 10, 2009, 2:59:42 PM
Your Name wrote:
> "Mike" <mikelovescham...@googlemail.com> wrote in message
> news:hdcfrp$n80$1...@news.eternal-september.org...
>> News wrote:
>>
>>> "We can only hold our breath and hope it doesn't happen," Cluley said.
>>> "Unfortunately the genie is out of the bottle as the worm's code has
>>> been published on the Web. It would be relatively trivial for malicious
>>> hackers to adapt the code to make the worm more financially motivated
>>> rather than mischievous."
>>
>> What could possibly be worse than putting a picture of Rick Astley on
>> your phone, they haven't got a pic of Larry have they?!!
>
> Nope, but there's another worm called "Larry" that does turn all your
> incoming messages into gibberish, lies, misinformation and nonsense. ;-)
>

I think that's infected the network at work.

Mike

Per Rønne

Nov 10, 2009, 3:09:25 PM
nospam <nos...@nospam.invalid> wrote:

Partly, jailbreaking /is/ the issue - but of course it is making things
worse when ssh has been installed without changing the password ...

nospam

Nov 10, 2009, 3:15:22 PM
In article <1j8zgav.5jwwep1dv2czkN%p...@RQNNE.invalid>, Per Rønne
<p...@RQNNE.invalid> wrote:

> > > > The first known worm for Apple's iPhone is spreading on jail-broken
> > > > iPhones in Australia.
> > >
> > > Moral: Don't jail-break your iPhone :-).
> >
> > it's not jailbreaking that's the issue, it's ssh that is left open with
> > a known password. either don't install ssh or change the password.
>
> Partly, jailbreaking /is/ the issue - but of course it is making things
> worse when ssh has been installed without changing the password ...

jailbreaking is *not* the issue. a jailbroken phone is immune to this
exploit if sshd is not installed, or if it is installed, by changing
the default password. the problem is *ssh*.
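
The two conditions argued over in this thread (sshd accepting incoming connections, and accounts still on the default password), as an added example that is not part of any poster's message: a Python audit over constructed `master.passwd` and `netstat -an` text. The function names are hypothetical and the hash strings are placeholders, not real iPhone OS values.

```python
# Added example, not from the thread. All sample data is constructed, and the
# hash below is a placeholder, not the real iPhone OS default-password hash.
DEFAULT_HASHES = {"EXAMPLEDEFAULT"}   # fill in from a stock image you trust
NOLOGIN_SHELLS = {"/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_master_passwd(text):
    """Yield (user, hash, shell) from BSD master.passwd records (10 fields)."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) != 10:
            continue
        yield fields[0], fields[1], fields[9]

def sshd_listening(netstat_text, port=22):
    """True if `netstat -an` output shows a TCP listener on the SSH port."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        local = cols[3]                   # BSD: "*.22", Linux: "0.0.0.0:22"
        if str(port) in (local.rsplit(".", 1)[-1], local.rsplit(":", 1)[-1]):
            return True
    return False

def audit(master_passwd, netstat_text, default_hashes=DEFAULT_HASHES):
    """Report whether the device meets both conditions the worm relies on."""
    listening = sshd_listening(netstat_text)
    weak = [user for user, pw_hash, shell in parse_master_passwd(master_passwd)
            if pw_hash in default_hashes and shell not in NOLOGIN_SHELLS]
    return {"sshd_listening": listening,
            "default_password_accounts": weak,
            "exposed": listening and bool(weak)}

# Constructed sample inputs.
PASSWD_DEFAULT = """\
# constructed master.passwd
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:EXAMPLEDEFAULT:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:EXAMPLEDEFAULT:501:501::0:0:Mobile User:/var/mobile:/bin/sh
"""
PASSWD_CHANGED = PASSWD_DEFAULT.replace("EXAMPLEDEFAULT", "EXAMPLECHANGED")
NETSTAT_SSHD = "tcp4  0  0  *.22    *.*  LISTEN\ntcp4  0  0  *.8080  *.*  LISTEN\n"
NETSTAT_NO_SSHD = "tcp4  0  0  *.8080  *.*  LISTEN\n"

if __name__ == "__main__":
    for name, pw, ns in [("default pw + sshd", PASSWD_DEFAULT, NETSTAT_SSHD),
                         ("changed pw + sshd", PASSWD_CHANGED, NETSTAT_SSHD),
                         ("default pw, no sshd", PASSWD_DEFAULT, NETSTAT_NO_SSHD)]:
        print(name, audit(pw, ns))
```

Only the first of the three constructed cases reports `exposed`; removing either condition clears it.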

Mark Crispin

Nov 10, 2009, 4:08:53 PM
On Tue, 10 Nov 2009, nospam posted:

> jailbreaking is *not* the issue. a jailbroken phone is immune to this
> exploit if sshd is not installed, or if it is installed, by changing
> the default password. the problem is *ssh*.

Of course the problem is ssh and not jailbreaking.

Apple fanboys will pick any excuse to denounce jailbreaking, since
jailbreaking defies Apple's walled garden and defying Apple is the Worst
Sin for fanboys.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.

Message has been deleted

Larry

Nov 10, 2009, 10:50:23 PM
"Your Name" <your...@isp.com> wrote in
news:hdcg72$vma$1...@lust.ihug.co.nz:

It puts a big picture of a Nokia N900 on your screen....hee hee...(c;]


--
Larry

Per Rønne

Nov 10, 2009, 10:59:26 PM
Michelle Steiner <mich...@michelle.org> wrote:

> In article <alpine.OSX.2.00.0...@hsinghsing.panda.com>,
> Mark Crispin <m...@panda.com> wrote:
>
> > > jailbreaking is *not* the issue. a jailbroken phone is immune to this
> > > exploit if sshd is not installed, or if it is installed, by changing
> > > the default password. the problem is *ssh*.
> >
> > Of course the problem is ssh and not jailbreaking.
>
> Of course, without jailbreaking, you can't install sshd.

Exactly.

Per Rønne

Nov 11, 2009, 12:16:15 AM
Per Rønne <p...@RQNNE.invalid> wrote:

> Michelle Steiner <mich...@michelle.org> wrote:
>
> > In article <alpine.OSX.2.00.0...@hsinghsing.panda.com>,
> > Mark Crispin <m...@panda.com> wrote:
> >
> > > > jailbreaking is *not* the issue. a jailbroken phone is immune to this
> > > > exploit if sshd is not installed, or if it is installed, by changing
> > > > the default password. the problem is *ssh*.
> > >
> > > Of course the problem is ssh and not jailbreaking.
> >
> > Of course, without jailbreaking, you can't install sshd.
>
> Exactly.

BTW, jailbreaking leads up to other problems. Just look at this:

<http://www.weatherpro.eu/>

I quote:

=
Please note: Jailbreak iPhones are not equipped to process in-app
purchases.
=

nospam

Nov 11, 2009, 1:23:42 AM
In article <1j905gz.g0wf92l5wcjkN%p...@RQNNE.invalid>, Per Rønne
<p...@RQNNE.invalid> wrote:

> Please note: Jailbreak iPhones are not equipped to process in-app
> purchases.

that's false.

Per Rønne

Nov 11, 2009, 2:15:58 AM
nospam <nos...@nospam.invalid> wrote:

Then tell the Weather Pro developers.

Todd Allcock

Nov 11, 2009, 1:20:55 AM
At 11 Nov 2009 06:16:15 +0100 Per Rønne wrote:

> BTW, jailbreaking leads up to other problems. Just look at this:
>
> <http://www.weatherpro.eu/>
>
> I quote:
>
> =
> Please note: Jailbreak iPhones are not equipped to process in-app
> purchases.
> =

From what you've linked, it sounds like in-app purchases in their
particular app are problematic anyway. A quick Google search didn't find
any references to in-app purchases being a common problem for jailbroken
phones.

Jailbreaking probably causes some problems, but I'd suspect most stem
from the particular "unapproved" apps jailbreakers choose to run.


Bandwidth

Nov 12, 2009, 12:32:39 AM
Mike wrote:
>
> What could possibly be worse than putting a picture of Rick
> Astley on your phone


Changing the ringtone to a Rick Astley song. Imagine the
embarrassment when your phone rings.


Peter.

Per Rønne

Nov 12, 2009, 1:02:09 AM
Todd Allcock <elecc...@AnoOspamL.com> wrote:

Perhaps. I use the application but have no intention of purchasing extra
facilities to it.

Mike

Nov 12, 2009, 3:15:05 AM

You win!

Mike

atec7 7

Nov 12, 2009, 3:34:03 AM
All the rick phone ring suggest is gay>and takes in the ring
some blokes are like that
Message has been deleted

atec7 7

Nov 12, 2009, 9:57:30 AM
Michelle Steiner wrote:
> In article <hdgg68$b32$2...@news.eternal-september.org>,
> What I want to know is "Who is Rick Astley?"
>
Well he aint Carmen Miranda

Jon Ribbens

Nov 12, 2009, 10:27:59 AM
On 2009-11-12, Michelle Steiner <mich...@michelle.org> wrote:
> What I want to know is "Who is Rick Astley?"

http://en.wikipedia.org/wiki/Rickrolling

Message has been deleted
Message has been deleted

Your Name

Nov 12, 2009, 3:02:08 PM

"Bandwidth" <@radiouk.com> wrote in message
news:4AFB9DF7...@radiouk.com...

It could be worse ... you could end up with Britney Spears ring tones. ;-)


Your Name

Nov 12, 2009, 3:03:44 PM

"Michelle Steiner" <mich...@michelle.org> wrote in message
news:michelle-A059DB...@news.eternal-september.org...
> In article <slrnhfoad4.4...@snowy.squish.net>,
> Jon Ribbens <jon+u...@unequivocal.co.uk> wrote:
>
> > > What I want to know is "Who is Rick Astley?"
> >
> > http://en.wikipedia.org/wiki/Rickrolling
>
> Oh, *that* Rick.

Just another one-hit-wonder "created" by the music industry because he
looked good to females, rather than someone who actually has any talent.


atec7 7

Nov 12, 2009, 3:08:32 PM
I wonder if it would still lip sync ?

alexd

Nov 12, 2009, 4:35:47 PM
Meanwhile, at the alt.internet.wireless Job Justification Hearings, Per Rønne
chose the tried and tested strategy of:

> Michelle Steiner <mich...@michelle.org> wrote:
>
>> Of course, without jailbreaking, you can't install sshd.
>
> Exactly.

By that logic, buying an iphone is the problem.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
21:34:33 up 25 days, 23:09, 4 users, load average: 0.13, 0.22, 0.17
"Stupid is a condition. Ignorance is a choice" -- Wiley Miller

Mike

Nov 12, 2009, 6:22:53 PM

It might have a melt down ....

Mike
