Duh/Ikee.B: The latest iPhone worm that steals your bank account details
23 Nov2009
Just when one thought that the spam attacks on iPhone are over, a new iPhone worm emerges onto the scene. To worsen the situation, the latest worm is much malicious than the previous iPhone worms which include iPhone/Privacy.A and ikee . As always, it targets jailbroken iPhones and iPod Touch devices. Duh or Ikee.B is the name of this undesirable worm.
Apparently this iPhone worm is currently targeting Dutch ING customers and takes control of their iPhone once a user logs in to the purported ING direct login page via their jailbroken iPhone or iPod Touch, for that matter. It may currently be affecting only Netherland based iPhone audience, but beware, it can expand itself since it has the ability to spread using the WiFi network of the affected iPhone. Read this to see how naughty this worm actually is:
This worm attacks IP ranges from a larger range of ISPs, including UPC (Netherlands), Optus (Australia), and T-Mobile (Many). When an infected device is hooked up to a WiFi connection, the worm can spread more quickly to more IP addresses than on a typical 3G connection. One symptom noted by security.nl is that battery life is very, very short when the device is connected to WiFi, because the worm is generating so much network activity
One more thing, apparently this worm is changing the default password set as alpine by SSH to ohshit.
Again it does not affect users with non-jailbroken iPhone/iPod Touch
How to protect your jailbroken iPhone
It is highly and strongly recommended that anyone who owns a jailbroken iPhone/iPod Touch with SSH installed should change the default password to something more secure.
