REVscene Automotive Forum

REVscene Automotive Forum (https://www.revscene.net/forums/)
-   Mobile Phone & Tablet Chat (https://www.revscene.net/forums/mobile-phone-tablet-chat_52/)
-   -   A new iphone worm (https://www.revscene.net/forums/597432-new-iphone-worm.html)

604778 11-23-2009 09:24 PM
A new iphone worm
 
http://mashable.com/2009/11/23/iphone-worm-malicious/

Quote:
A couple of weeks ago, the first iPhone worm appeared, spreading on jailbroken devices with the SSH application installed (vulnerability being the fact that many users haven’t changed the default root password). As far as worms go, this one was quite benign, merely “rickrolling” users; i.e., changing the background image on the device to an image of Rick Astley.

Now, according to early reports of strange activity by Dutch ISP XS4ALL, and later confirmed by Sophos, there’s a new worm in the wild, and this one is far more malicious.

The new worm is called “Duh” or “Ikee.B”, and it uses the exact same vulnerability as the first one. The fix is thus identical – change the root password in the SSH application to something other than the default, which is “alpine”.

Failing to do so might result in very serious consequences. According to Sophos, Ikee.B is “designed to connect to a server in Lithuania and to follow orders from remote hackers.” It can find vulnerable iPhones on a wide range of IP addresses, including IPs in several different countries, for example the Netherlands, Portugal, AustraliaAustraliaAustralia, Austria, and Hungary. Furthermore, it changes the root password on the iPhone to “ohshit” (as discovered by Paul Ducklin, head of technology in Sophos Asia Pacific.)

Users who haven’t jailbroken their iPhone or haven’t installed the SSH application are not affected by this vulnerability.

hongy 11-23-2009 11:37 PM
This was bound to happen with the amount of people working/developing apps for the iphone.

hotjoint 11-24-2009 07:23 AM
I changed my ssh password as soon as I heard about this

Psykopathik 11-24-2009 07:44 AM
i just removed ssh. i hardly use it. reinstall when i do.

TOS'd 11-24-2009 07:45 AM
^ same. actually, i don't even use my iphone for anything other than calls, txt, and surfing the web. i've kinda lost interest in it.

Psykopathik 11-24-2009 08:37 AM
^^seriously? i can't put my phone down for more than a few minutes. I hardly even use my PC anymore.

Even when i'm taking a dump, my iPhone is in my hand.

hotjoint 11-24-2009 09:57 AM
just in case you havent changed your ssh password, heres how to do it.

http://www.simonblog.com/2009/11/10/...from-ssh-hack/


All times are GMT -8. The time now is 05:22 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
SEO by vBSEO ©2011, Crawlability, Inc.
Revscene.net cannot be held accountable for the actions of its members nor does the opinions of the members represent that of Revscene.net