Intego confirms the information released by F-Secure earlier in the afternoon about the new and dangerous iPhone worm. The French security software house adds several details about this very insidious piece of malware, in particular concerning the prospect that the illegal activity will spread internationally.
That hypothesis emerges from examination of the IP addresses the worm retrieves once it starts operating on an iPhone or iPod touch. The program looks for other Apple handhelds to attack by scanning IP addresses located not only in the Netherlands (where the worm is currently active) but also in Portugal, Hungary and Australia.
Intego, which christened the new worm iBotnet.A, also adds that once installed the program changes the default SSH password "alpine" to the new password "ohshit", in this way preventing the user from changing the password once the infection is under way. In the security alert just released, Intego explains that the worm connects the iPhone or iPod touch to a server located in Lithuania, not only to upload the stolen data and SMS messages but also to download further malicious software. With the latter, iPhones and iPod touches can be turned into a botnet that attackers can use remotely to launch further attacks over the Internet, spread malware, send spam and so on.
Besides redirecting the user to a fraudulent site when they access ING's home banking services, presumably to capture a username and password, the worm assigns a unique number to each infected iPhone or iPod touch. In this way the attackers can return to the identified device to retrieve the information they want. In the security alert, Intego thanks Scott McIntyre, Chief Security Officer of the Dutch company XS4ALL, for his help in isolating and analyzing the new worm. Intego has updated the virus definitions of its VirusBarrier X5 program, which can now detect and remove iPhone/iBotnet.A. The other way to remove the worm once contracted is to wipe the memory of the iPhone or iPod touch.
“We want to highlight,” Intego says in a note, “that users who jailbreak expose themselves to known vulnerabilities that are exploited by circulating code. If users install SSH they should change the default password, which is widely known. Although the number of affected iPhones may be minimal, the amount of personal data that can be compromised and the ability of the new worm to create a botnet strongly suggest that iPhone users should keep the original configuration and not apply the jailbreak.”