Malware enlists jailbroken iPhones for botnet
Intego calls worm 'most sophisticated' iPhone attack to date
By Brad Reed, Network World
November 23, 2009 12:07 PM ET
A new worm is targeting jailbroken iPhones and adding them to a mobile botnet, according to a security memo from security vendor Intego.
Intego says that the worm starts off scanning local networks for jailbroken iPhones that have installed Secure Shell (SSH) and that haven't changed their default password. So far, the worm is scanning IP addresses of ISPs in The Netherlands, Portugal, Hungary and Australia. If the worm finds an unprotected iPhone, it will copy itself onto the device and add it to its botnet.
Additionally, the worm changes the device's password and thus prevents users from changing the password themselves. It then connects all infected devices to a central server in Lithuania that directs them to participate in distributed denial-of-service attacks, send spam or deliver malware to other machines.
The botnet worm, dubbed "iBotnet.A" by Intego, is the third major piece of iPhone-centric malware that has popped up over the last month. The first iPhone worm was a fairly innocuous piece of malware that replaced the iPhone's regular homescreen with Rick Astley wallpaper, a nod to the popular "Rick Roll" Internet meme. The second piece of malware harvested personal data from iPhones, including user e-mail, contacts, SMS messages, calendars and multimedia files.