iPhone users in the Netherlands sporting jailbreaks are the targets of a new malicious worm.
The worm targets users who have unofficial Apple software (jailbreak) iPhones with SSH (secure shell) installed, and have failed to change the default password much like the Ikee worm. This worm isn’t going to change your wallpaper like Ikee but intends to steal your
personal information, specifically financial information.
ING Direct seems to be the primary target of the worm as it reportedly redirects
users from the legitimate ING site to a phishing scam look-a-like site.
F-Secure, security experts, report that this worm “connects to a web-based command & control center
running at 18.104.22.168 in Lithuania”
They’re also claiming it behaves like a botnet, which generally means there are multiple compromised computers / devices under command by malicious parties.
Mikko Hypponen research director for F-Secure told the BBC “There’s a clear financial motive behind it”.
In this case, iPhones would be taken over remotely without permission from the user turning the devices into botnets. Root passwords are changed potentially opening up the door for the hackers to do anything they want with your device and like the first, it exploits SSH to spread to other jailbroken iPhones.
Infected iPhones sharing an internet connection or hot spot could potentially
unknowingly spread the worm.
The new worm being called” Duh” reportedly has a wider reach than the first worm.
Duh searches IP’s outside of the Netherlands possibly affecting other countries although it hasn’t
That being said, if you have SSH installed on your Jailbroken iPhone device you’ll
want to change the default password “alpine”.
Image courtesy of Open clipart library Attribution licence