First iPhone Worm Found
Posted by: fivex
Date: 2009-11-14 04:02:22
We have located the first iPhone worm, dubbed as Ikee. It's currently spreading in the wild, but it's only able to infect devices that have been "jailbroken" by their owners. Jailbreaking removes iPhone's protection mechanisms, allowing users to run any software they want.
Affected users will find that their iPhone wallpaper has been altered to a picture of Rick Astley (of Rickroll fame) and the message "ikee is never going to give you up".
ikee iPhone worm
[img]http://www.f-secure.com/weblog/archives/photo.jpg[/img]
The worm targets users who have jailbroken their phone but have not changed their default root login password. It will search for vulnerable iPhones by scanning a handful of IP ranges most of which are in Australia. At the moment, we have no confirmed reports of Ikee outside of Australia.
After Ikee infects a phone, it disables the SSH service, preventing reinfection.
To protect your jailbroken iPhone, change your root password. Here's how.
The creator of the worm has released full source code of the four existing variants of this worm. This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed.