BBC reports that a second worm has been discovered that attacks certain jailbroken iPhones. The malicious software was discovered by security company F-Secure but appears to be isolated and specific to the Netherlands. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank's customers to a lookalike site with a log-in screen. F-Secure estimates the number of affected phones to be only in the "hundreds" at this point, though it could theoretically spread. The worm appears to exploit the same users as the harmless Australian worm which displayed a photograph of popsinger Rick Astley. Only individuals who had specifically jailbroken their iPhones, installed SSH and not changed the default password seem to have the potential to be affected. This particular worm, however, is potentially far more serious as according to F-Secure it also "enables the phone to be accessed or controlled remotely without the permission of its owner." Update: Additional information from Intego reveals that the worm also steals personal data as well as opens the iPhone up to further access/control. When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices
link: Mac Rumors: Apple Mac Rumors and News You Care About
No comments:
Post a Comment