By: Brian Prince
2009-11-09
The first known worm for Apple's iPhone is spreading on jail-broken
iPhones in Australia. The worm takes advantage of the default password
for SSH used by many jail-broken phones and places an image of 1980s pop
singer Rick Astley on the device.
The first known worm for the Apple iPhone is sweeping across Australia,
and it is taking advantage of default SSH passwords on jail-broken phones.
The attack vector is the same as the one exploited by a Dutch teenager
last week in a brief extortion attempt. This time around, the mind
behind the attack isn't doing anything bad - unless you don't like having
English pop singer Rick Astley as your wallpaper.
Once installed, the worm - known as ikee - tries to find other iPhones on
the mobile phone network that are vulnerable so it can propagate. On
each installation, the worm changes the lock background wallpaper to an
image of the 1980s singer with the message: "ikee is never going to give
you up."
"Ashley Towns, the author of the worm, says he personally infected 100
jail-broken iPhones," said Graham Cluley, senior technology consultant
at Sophos. "Those iPhones would then have tried to infect other
jail-broken iPhones, and so on, and so on."
The jail-broken iPhones impacted by the worm are running an SSH with the
iPhone's default password. Last week, news reports surfaced that a Dutch
attacker used the same situation in combination with port scanning and
OS fingerprinting to find iPhones in T-Mobile's 3G IP range to install
backdoors on the phones and scare users into paying €5 (US$7.43) for
instructions on how to thwart the attack.
Security vendor F-Secure reported that the latest attack scans a handful
of IP ranges, mostly in Australia. As of Sunday, the company had no
confirmed reports of the worm outside of Australia. The company noted
that there are four variants of the worm, and that Towns has provided
full source code for the malware. That means more variants could be
forthcoming, and both Cluley and F-Secure agreed the next payload could
be worse.
"We can only hold our breath and hope it doesn't happen," Cluley said.
"Unfortunately the genie is out of the bottle as the worm's code has
been published on the Web. It would be relatively trivial for malicious
hackers to adapt the code to make the worm more financially motivated
rather than mischievous."
> The first known worm for Apple's iPhone is spreading on jail-broken
> iPhones in Australia. The worm takes advantage of the default password
> for SSH used by many jail-broken phones and places an image of 1980s pop
> singer Rick Astley on the device.
Superb.
--
Adrian C
> The first known worm for Apple's iPhone is spreading on jail-broken
> iPhones in Australia.
Moral: Don't jail-break your iPhone :-).
--
Per Erik Rønne
http://www.RQNNE.dk
Errare humanum est, sed in errore perseverare turpe
> To get infected you must
> 1. jailbreak the phone
> 2. use SSH
more accurately, install sshd and enable incoming connections.
you can use ssh (outbound) and not be at risk, and you don't even need
to jailbreak to do that.
> 3. not change the password
> > The first known worm for Apple's iPhone is spreading on jail-broken
> > iPhones in Australia.
>
> Moral: Don't jail-break your iPhone :-).
it's not jailbreaking that's the issue, it's ssh that is left open with
a known password. either don't install ssh or change the password.
> "We can only hold our breath and hope it doesn't happen," Cluley said.
> "Unfortunately the genie is out of the bottle as the worm's code has
> been published on the Web. It would be relatively trivial for malicious
> hackers to adapt the code to make the worm more financially motivated
> rather than mischievous."
What could possibly be worse than putting a picture of Rick Astley on
your phone, they haven't got a pic of Larry have they?!!
Mike
Nope, but there's another worm called "Larry" that does turn all your
incoming messages into gibberish, lies, misinformation and nonsense. ;-)
So one of these won't work then ...
http://www.youtube.com/watch?v=YzaNXBXuFPA
(sorry)
--
Adrian C
I think that's infected the network at work.
Mike
Partly, jailbreaking /is/ the issue - but of course it is making things
worse when ssh has been installed without changing the password ...
> > > > The first known worm for Apple's iPhone is spreading on jail-broken
> > > > iPhones in Australia.
> > >
> > > Moral: Don't jail-break your iPhone :-).
> >
> > it's not jailbreaking that's the issue, it's ssh that is left open with
> > a known password. either don't install ssh or change the password.
>
> Partly, jailbreaking /is/ the issue - but of course it is making things
> worse when ssh has been installed without changing the password ...
jailbreaking is *not* the issue. a jailbroken phone is immune to this
exploit if sshd is not installed, or if it is installed, by changing
the default password. the problem is *ssh*.
Of course the problem is ssh and not jailbreaking.
Apple fanboys will pick any excuse to denounce jailbreaking, since
jailbreaking defies Apple's walled garden and defying Apple is the Worst
Sin for fanboys.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
It puts a big picture of a Nokia N900 on your screen....hee hee...(c;]
--
Larry
> In article <alpine.OSX.2.00.0...@hsinghsing.panda.com>,
> Mark Crispin <m...@panda.com> wrote:
>
> > > jailbreaking is *not* the issue. a jailbroken phone is immune to this
> > > exploit if sshd is not installed, or if it is installed, by changing
> > > the default password. the problem is *ssh*.
> >
> > Of course the problem is ssh and not jailbreaking.
>
> Of course, without jailbreaking, you can't install sshd.
Exactly.
> Michelle Steiner <mich...@michelle.org> wrote:
>
> > In article <alpine.OSX.2.00.0...@hsinghsing.panda.com>,
> > Mark Crispin <m...@panda.com> wrote:
> >
> > > > jailbreaking is *not* the issue. a jailbroken phone is immune to this
> > > > exploit if sshd is not installed, or if it is installed, by changing
> > > > the default password. the problem is *ssh*.
> > >
> > > Of course the problem is ssh and not jailbreaking.
> >
> > Of course, without jailbreaking, you can't install sshd.
>
> Exactly.
BTW, jailbreaking leads up to other problems. Just look at this:
<http://www.weatherpro.eu/>
I quote:
=
Please note: Jailbreak iPhones are not equipped to process in-app
purchases.
=
> Please note: Jailbreak iPhones are not equipped to process in-app
> purchases.
that's false.
Then tell the Weather Pro developers.
> BTW, jailbreaking leads up to other problems. Just look at this:
>
> <http://www.weatherpro.eu/>
>
> I quote:
>
> =
> Please note: Jailbreak iPhones are not equipped to process in-app
> purchases.
> =
From what you've linked, it sounds like in-app purchases in their
particular app are problematic anyway. A quick Google search didn't find
any references to in-app purchases being a common problem for jailbroken
phones.
Jailbreaking probably causes some problems, but I'd suspect most stem
from the particular "unapproved" apps jailbreakers choose to run.
Changing the ringtone to a Rick Astley song. Imagine the
embarrassment when your phone rings.
Peter.
Perhaps. I use the application but have no intention of purchasing extra
facilities to it.
You win!
Mike
It could be worse ... you could end up with Britney Spears ring tones. ;-)
Just another one-hit-wonder "created" by the music industry because he
looked good to females, rather than someone who actually has any talent.
> Michelle Steiner <mich...@michelle.org> wrote:
>> Of course, without jailbreaking, you can't install sshd.
>
> Exactly.
By that logic, buying an iphone is the problem.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
21:34:33 up 25 days, 23:09, 4 users, load average: 0.13, 0.22, 0.17
"Stupid is a condition. Ignorance is a choice" -- Wiley Miller
It might have a melt down ....
Mike