Jail Broken iPhone Botnet Worm
Monday, November 23, 2009 at 09:05AM
drStrangeP0rk in Trojan, Worm, Zero Day, iPhone

It is being reported by Intego that a worm is again targeting jail broken iPhones, it has identified the worm as iPhone/iBotnet.A. Jail broken iPhone have become popular in that they let users load other software and get access to services via root on the phone. The problem is that many users do not change their root password from "alpine" which is the default after jail breaking. Over the last couple of weeks this has resulted in malicious attackes including defacement and stealing of personal data using the default password. 

Now the current worm is changing the root password to "ohshit" and transferring data to a server in Lithuania. The phone can also be used as part of a spamming botnet to spread bogus email's and malware. The mobile zombies can also carry our more sophisticated attacks include SMS and host redirect via the /etc/host file.

The /etc/host file is a list of host that is checked before DNS queries, the worm is reportedly altering the file to include a bogus record for a Dutch bank. When the user is directed to the site their user names and passwords are stolen. 

These attacks are only affecting jail broken iPhones, users who have iPhones in a updated Apple approved state are not vulnerable. There is an important lesson in all of this, more and more users who alter devices/software without understanding the implications could put themselves, friends, family and companies at risk. Cracked software and hardware is an excellent way to spread malware and an excellent target. User who root devices and do not understand the implications have always been a threat.

Update on Monday, December 21, 2009 at 04:50PM by Registered CommenterdrStrangeP0rk

SRI International has published an analysis of the IKEE.B worm that spread via Jail Broken iPhones early November. The New York Times also published an article related to crackers interest in phones. Many phones are mobile computers and this is the beginning to what is possible in having a collective mobile network of bots. I can think of hundreds of uses for a botnet of phones. For example a botnet herder can get the location of several phones close to an address and attack a specific WiFi location to perform DOS, Password Hijacking, cross site scripting and general phishing expedition type attacks. I like to think of this as warWalking. They can even guide the phone user to the location to enhance the attack. The possibilities are endless. 

http://mtc.sri.com/iPhone/

http://www.nytimes.com/2009/12/21/technology/21cell.html?nl=technology&emc=techupdateema1

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.