
iWorm ikee: Sex and Drugs and Rick and Roll

13 Nov 09

The iPhone, it seems, is under siege: a recent worm exploits a known (and previously exploited) vulnerability that affects the owners of ‘jailbroken’ phones on which OpenSSH has been installed. (Jailbreaking allows iPhone users to install and use unapproved applications.)

Of course, there's been an enormous amount of media coverage on this already (I've just returned from a conference trip at which I had no email access), and I don't care for "me too" blogs, but there's also been a certain element of mythmaking, so I'm going to concentrate on a few aspects of this (admittedly interesting) event that I don't think have received sufficient attention.

Jailbreaking on its own is not (irrespective of whether it's a good idea) enough to expose an iPhone to infection by this particular worm. Several further conditions have to hold:

• As far as I can tell, every known variant spreads by scanning hardcoded IP ranges owned by Optus in Australia (for more, click here and here). That doesn't mean a comparable attack can't be carried out in any IP space, of course (an Intego blog does suggest a spread beyond Australia, but I haven't seen that corroborated elsewhere so far), especially as the source code was publicly available for a while and lots of people seem to be furiously searching for it. No doubt for entirely virtuous reasons. (Thanks, Graham.)

• Jailbreaking doesn't entail installing OpenSSH. You have to have chosen to install it subsequently. (Thanks, Roel.) That doesn't mean, though, that similar exploits can't be used with other applications.

• You also need to be using the default passwords for the root and mobile accounts: the stock password is identical on every device, which is what makes an unattended password-guessing worm viable, and resetting those passwords blocks this particular infection. That doesn't fix everything, though. Passwords may be reset to default, notably by firmware upgrades, so they need checking again after an upgrade.
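Because the worm logs in with the stock password rather than breaking anything, a compromised device shows little more than a successful password login to root or mobile from an unfamiliar address. The following is an added example, not code from the original post or from the worm's author: a small Python parser that reads sshd authentication lines in the standard OpenSSH syslog format, lists successful password logins to the root and mobile accounts, and counts failed attempts per source. The log lines embedded in SAMPLE_LOG are constructed for illustration, and the hostname, PIDs and addresses in them are assumptions.

```python
"""Flag SSH password logins to the root/mobile accounts in OpenSSH sshd logs.

Added example, not from the original post. It assumes the standard syslog
line format emitted by OpenSSH's sshd, e.g.
"sshd[917]: Accepted password for root from 203.0.113.7 port 40213 ssh2".
"""
import re
from collections import Counter

# Accounts the worm logs into with the stock password.
TARGET_ACCOUNTS = {"root", "mobile"}

# Matches both "Accepted password for USER from SRC port N" and
# "Failed password for [invalid user ]USER from SRC port N".
# Public-key logins ("Accepted publickey for ...") deliberately do not match.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample log (hostname, PIDs and addresses are illustrative).
SAMPLE_LOG = """\
Nov 13 02:14:05 iPhone sshd[812]: Accepted publickey for mobile from 192.168.1.20 port 50122 ssh2
Nov 13 02:31:44 iPhone sshd[915]: Failed password for root from 203.0.113.7 port 40211 ssh2
Nov 13 02:31:46 iPhone sshd[915]: Failed password for root from 203.0.113.7 port 40211 ssh2
Nov 13 02:31:49 iPhone sshd[917]: Accepted password for root from 203.0.113.7 port 40213 ssh2
Nov 13 02:40:10 iPhone sshd[930]: Failed password for invalid user admin from 198.51.100.9 port 33001 ssh2
Nov 13 03:05:12 iPhone sshd[944]: Accepted password for mobile from 203.0.113.7 port 40290 ssh2
"""


def parse_sshd_auth(log_text):
    """Yield (result, user, src) for each password-auth line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")


def analyse(log_text, threshold=2):
    """Return (accepted, bruteforce).

    accepted   : list of (user, src) for successful password logins to a
                 target account, in log order.
    bruteforce : dict src -> failure count for sources with at least
                 `threshold` failed password attempts.
    """
    accepted = []
    failures = Counter()
    for result, user, src in parse_sshd_auth(log_text):
        if result == "Accepted" and user in TARGET_ACCOUNTS:
            accepted.append((user, src))
        elif result == "Failed":
            failures[src] += 1
    bruteforce = {src: n for src, n in failures.items() if n >= threshold}
    return accepted, bruteforce


if __name__ == "__main__":
    accepted, bruteforce = analyse(SAMPLE_LOG)
    for user, src in accepted:
        print(f"password login to {user} from {src}")
    for src, n in bruteforce.items():
        print(f"{n} failed password attempts from {src}")
```

The successful logins are the part worth acting on: on a device still using the stock password the very first attempt succeeds, so a failure-count rule on its own would miss the worm entirely. A password login to root from an address you do not recognise on a phone that was never meant to accept one is the strongest indicator this log format can give.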

So is this really harmless fun? The apparent creator of this mess seems to think so (for more, click here). That interview seems to me to argue a moral sensibility displaying an immaturity close to the sociopathic, but at least he seems to have attempted to give some information about removing the infection. Given his admitted carelessness in coding and failure to anticipate some of the effects of his malware, you might want to be careful about taking his advice. As I don't have an iPhone or a sample, I'm not currently able to verify its accuracy.

Apparently a number of people agree that it's harmless. Apart from some reports that refer to this "prank" (I'm reminded of Microsoft's attempts to minimise the importance of WM/Concept, the first major Word macro virus, by dubbing it Prank Macro), a poll conducted by Sophos apparently determined that 76% of respondents consider malware an acceptable way to raise security awareness. Well, I never heard that one before… Oh, wait a minute, isn't that the excuse used by countless script kiddies and hobbyist virus writers, not to mention BBC journalists in the market for buying botnets? Well, I'm sure malware will start having a beneficial effect on public security awareness any century now.

If you have a jailbroken iPhone, now would be a good time to make sure that you've reset the passwords for the root and mobile accounts. See here for details on how to do this.

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET

Update: there's more information on the Windows 7 exploit mentioned below in a Register article here.

Update 2: I keep seeing references to this as a virus or worm. However, the code I've seen does not contain any self-replicative functionality. It's not even a Trojan, as such.
