RT @RehaAlev: Twitter to record all links users click http://bit.ly/94hGHx
34 minutes ago by muellermanfred on twitterZDNet / News / Security
Second iPhone worm behaves like botnet
Summary
update As with first malware, new worm affects SSH protocol in jailbroken iPhones but is "much more serious" as it may attempt to steal data, F-Secure warns.
Topics
electronics, consumer electronics, science and technology, apple iphone, hybrid electronic products, technology, smartphones, cellular phones, paul ducklin, antivirus software
Events
Social Media World Forum
22 - 23 Sep 2010
Suntec, Singapore
Asia CXO Leadership Summit - Singapore
7 Sep 2010
Marriott Hotel, Singapore
Governmentware 2010
28 - 30 Sep 2010
Suntec, Singapore
The 5th Annual CIO Forum Asia
28 Sep 2010
Singapore
Social Media Marketing and Measurement
6 - 7 Sep 2010
Parkroyal, Singapore
9 - 10 Sep 2010
Regal Hongkong Hotel, Hong Kong
IDC's Asia/Pacific Cloud Computing Conference 2010
31 Aug 2010
Marriott Hotel, Singapore
update A second iPhone exploit has been identified by security vendor F-Secure, which claims the new worm has botnet capability and is more threatening than its predecessor.
Mikko Hyponen, chief research officer at F-Secure, said in a blog post that the new worm, like the first, affects jailbroken iPhones with SSH (secure shell) protocol enabled and unchanged default passwords. The Finnish security company has yet to name the new threat.
Ikee, which was discovered earlier this month, was said to infect vulnerable phones in Australia. When the worm strikes, it alters the iPhone's wallpaper to an image of Rick Astley with the message "ikee is never going to give you up".
According to F-Secure, the latest worm connects to a Web-based command and control center in Lithuania.
"The worm is not widespread, but it is much more serious than the first iPhone worm as it seems to try to steal information from the devices," Hyponen said in the blog post.
In July, F-Secure indicated that the iPhone has a 10 percent share of the smartphone market. Symbian is currently the most popular smartphone platform, at 49 percent.
Altered password recovered
Paul Ducklin, Sophos' head of technology for the Asia-Pacific region, in a blog post Monday that the new worm he dubbed "Duh" changes the root password which is hidden from users.
Using a password cracker, Ducklin identified the new password as "ohshit". Using this password, users of infected phones can log back into their iPhones and remove the virus, he said.
In a follow-up e-mail to ZDNet Asia, Ducklin said users should upon login check for a directory named "/private/var/mobile/home", which hosts the viral files. Files named "inst", "cydia.tgz", "duh", "sshd" and "syslog" ought be be removed to deactivate the malware, he said.
"Don't have an 'ohshit' moment. Don't give jailbreaking a bad reputation. Change those passwords now," he urged. "Duh changes any password which is currently 'alpine', not just the root password. So fix any user accounts as well."
The latest worm, Ducklin pointed out, was "not unexpected" given the chain of events leading up to it. "A Dutch guy hacks into iPhones--using 'alpine' [as password]--to ask for 5 euros to explain how to secure your phone. There's a reaction.
"Two weeks later an Aussie builds on this idea by writing Ikee, a self-replicating attack, in what he blithely claims to have been an experiment gone wrong," he noted. "And two weeks after that, someone else builds on Ikee with the 'Duh' virus--using Ikee's idea for copying itself to other devices combined with a botnet-based command channel."
HP Data Protector delivers high-performance data protection at up to 70% lower TCO.
Tech Vendor: HP
Tech Vendor: HP
Latest Stories
ZDNet Asia Live
Using Parallel class for simple multithreading http://bit.ly/bZ3hpf
46 minutes ago by kittirak on topsyneed more
1 hour 22 minutes ago by jepsy on Is it too late to introduce 3G in India?
Using Parallel class for simple multithreading: In this programming tutorial about Parallel Exte... http://bit.ly/c0g5Wi - #AsiaToday #News
2 hours 9 minutes ago by AsiaTodayNews on twitter
RT @Colasoft: RT @zdnetasia: 12 most recommended network monitoring tools http://bit.ly/9KWQ96
2 hours 22 minutes ago by samchen2010 on twitter
RT @WilliamLark: Facebook adds new remote log-out security feature: Facebook users who log in from multiple devices will soon have ... http://bit.ly/ai5asr
3 hours 43 minutes ago by laristech on twitterFacebook adds new remote log-out security feature: Facebook users who log in from multiple devices will soon have ... http://bit.ly/ai5asr
3 hours 51 minutes ago by williamlark on topsy
Samsung: Galaxy Tab has leg up on Apple iPad http://bit.ly/9OPPUy
4 hours 21 minutes ago by RehaAlev on twitter
Samsung: Galaxy Tab has leg up on Apple iPad http://bit.ly/aD9zXt | #Droid #Android
4 hours 34 minutes ago by Droid_Phone on twitterToshiba recalls 41,000 laptops for overheating: U.S. Consumer Product Safety Commission says 129... http://bit.ly/axqc2a - #AsiaToday #News
4 hours 41 minutes ago by AsiaTodayNews on twitter
RT @zdnetasia: 12 most recommended network monitoring tools http://bit.ly/9KWQ96
4 hours 49 minutes ago by Colasoft on twitterGoogle, AOL renew search deal: Under the arrangement, Google provides search for AOL and the com... http://bit.ly/bif9sl - #AsiaToday #News
5 hours 11 minutes ago by AsiaTodayNews on twitterAcer comes back down to earth, Dell rises: Fastest-growing PC company of the last few years stum... http://bit.ly/byByP7 - #AsiaToday #News
5 hours 11 minutes ago by AsiaTodayNews on twitter
Securing consumer gadgets in the workplace: By Nick Heath, Silicon.com on September 3, 2010 (2 minutes ago) news a... http://bit.ly/ad12aw
5 hours 28 minutes ago by Gadget_Quest on twitterSecuring consumer gadgets in the workplace: By Nick Heath, Silicon.com on September 3, 2010 (2 minutes ago) news a... http://bit.ly/97Jth5
5 hours 30 minutes ago by wizmole on topsyGoogle, AOL remplacent l'affaire de recherche - ZDNet Asie: Google, AOL remplacent le dealZDNet Asie de re... http://bit.ly/dy9zaw #musique
5 hours 42 minutes ago by lafiliere on topsyI recommend checking 5pm for a good project management tool. (www.5pmweb.com). It makes the team collaboration easy and is friendly enou...
6 hours 40 minutes ago by Erica on Agile drivers for new project management toolsI am a student researching piracy for my computer course. My mother owns an epublishing company. Ebook piracy is also a huge problem in h...
6 hours 53 minutes ago by tasha6669 on SaaS no silver bullet for piracyFor more information regarding the lawsuit and the patents involved, check out Sunlight Research's upcoming webinar "Will Oracle’s Java...
13 hours 18 minutes ago by Sunlight on Legal woes no impact on Android ecosystem yetGoogle search does not seem to be made for 5 years old kids,anyway your child will learn to say and understand the meaning of this senten...
23 hours 32 minutes ago by irajjs on Facing reality from a Google search about Echo of AmboseliAnother project software is http://www.proofhub.com/. I have used it and it is really good. It contains many new features which you can u...
1 day 28 minutes ago by Barry on Check out Project alternatives: Basecamp and QuickBaseBut iTunes music does not apply to Asia. We STILL CAN'T BUY music from iTunes!!!
1 day 22 minutes ago by maxxtotal on Study: Music, not apps, rules iTunesSadly, asia will probably not get it ...
2 days 24 minutes ago by mingnow on Apple TV to launch with NetflixI read a great deal of blogs, and I have not come across an article that articulates these points so well.
2 days 52 minutes ago by barbaragabogrecan on Is NBN really needed in Australia?The project is very much pro India & may be necessary. But I think it is too futuristic for India which lacks even basic information secu...
3 days 55 minutes ago by amit039 on Should India now look forward to unique ID cards?Hamein Malum Hai Jannat ki Haqiqat Lekin Ghalib, Dil Behelane ko Khayal Achcha Hai As kids and as people who do not want to learn about ...
3 days 54 minutes ago by deepak.sogani on Facing reality from a Google search about Echo of AmboseliCheck out this article on using the Droid X in the Enterprise: http://forum.maas360.com/go/mobileitexpertise/the-x-factor-my-first-week-...
3 days 52 minutes ago by dlima on Five Android apps for enterprise usersI total agree that being married does not automatically make a person a better boss. Neither would I say being single makes you better re...
3 days 11 minutes ago by mingnow on Being married doesn't make one a better bossA very painful way of getting introduced to death. I remember watching 'haati mera saati' around the same age and weeping for day...
4 days 51 minutes ago by Benno on Facing reality from a Google search about Echo of AmboseliI have had to good fortune to use all operating Systems (OS) listed in your article, including Solaris. For the most part, I derive the m...
4 days 42 minutes ago by wanderson on 10 differences between Linux and BSDKeep Up With ZDNet Asia
Facebook 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
Asia CXO Leadership Summit - Singapore
Join Boeing CIO Timothy Wente and Your Peer CXOs for an Inspiring Program!
Register for Governmentware 2010 today!
Join us at Asia's Premier Infocomm Security Conference from 28 Sep - 30 Sep
Download your complimentary UPS Resource Kit!
Use these featured resources to optimize your power protection and management.
Take the Poll & WIN a HP Mini!*
Simply tell us what backup and recovery challenges you are currently facing.
Stop Waiting Start Switching to Juniper
Free Gartner Report shows it reduces costs and increases efficiency
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
Second iPhone worm behaves like botnet
They posted more information on this virus at http://dotdoh.com/?p=504