
iPhone worms can create mobile botnets

2009-12-22 09:10 by
Tags: iPhone, SSH, malware

 

Security researchers have analyzed the code and design of recently discovered malware that targeted jailbroken iPhones. The code exists as a proof of concept that smartphones could easily be turned into a mobile botnet capable of stealing sensitive personal data.

So far, what little malware has been released for the iPhone has only affected the small percentage of folks who jailbreak and leave an SSH daemon running with the default root passwords. While some of these programs have been nothing but harmless pranks, a malicious version that attempted to create an iPhone botnet has been analyzed by researchers, leading them to conclude that mobile phones could quickly become a major target for malware writers.

The worms all started when a Dutch hacker decided to use port scanning to find iPhones with open SSH ports and default root passwords. He wrote a small program that changed the wallpaper to resemble a somewhat official-looking warning box, which warned the user about running open SSH ports with default passwords. An Australian hacker then used the technique to create a self-replicating worm.

This version, iKee.A, replaced the wallpaper with a picture of Rick Astley—a sort of graphic rickroll. Then someone modified the iKee.A code to create the malicious iKee.B (aka iPhone/Privacy.A and iBotnet.A). It was initially designed to copy personal data and upload it to a server. However, at one point it was configured to use DNS cache poisoning to redirect ING banking customers to a phishing site and steal logins and passwords.
