Antivirus firm Sophos details the first known iPhone worm in the wild, which surfaced in Australia late last week. The worm affects users who have jailbroken their iPhones and installed SSH without then changing the default password. It is currently a harmless exploit that simply changes the user’s iPhone background to an image of singer Rick Astley, but it could be used for much more malicious purposes.
The worm, which could have spread to other countries although we have no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again.
In analyzing the worm, Sophos has found multiple variants, as well as numerous comments within the code suggesting that the worm is an experiment to draw attention to the risks faced by users who have not taken appropriate steps to secure their devices.
The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them.
A forum poster known as ike_x on the Australian forum where the worm was first discussed has taken credit for the exploit and has been assisting affected users with removing it from their systems.
From: MacRumors
November 10th, 2009 at 2:11 pm
NOT a worm.
The attack is done phone by phone by one person, and it only works on phone systems that have Port 20 open (i.e. no worries in UK and US).