More Information about the iBotnet Worm that Attacks iPhones


We reported yesterday on a worm that affects jailbroken iPhones, stealing personal data, directing users to phishing sites, and creating a botnet. Intego’s security specialists have analyzed the code of the iBotnet worm and have found striking similarities with the ikee worm, which we discussed on November 9. This means that the newer worm, iBotnet, has used some of the code that was published online after the ikee worm was discovered.

The creator of the ikee worm thought that his malware was a mere prank, and could alert iPhone users who jailbreak their phones to the security risks they run. However, his releasing the code publicly had the effect that we expected: malware writers – the malicious ones – took advantage of his work to create new, more dangerous malware.

At the risk of repeating ourselves, we’d like to reiterate what we said yesterday: users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild. If users install SSH, they should change the default password, which is widely known.

Apple agrees with us. In a statement published on The Loop, an Apple spokesperson said, “As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.”

Intego feels that we have not seen the end of malware attacking jailbroken iPhones. They’re an easy target, and effective code is widely available. So think very carefully before you jailbreak your iPhone, and take the necessary security precautions: change your root password!