Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Worm:iPhoneOS/Ikee.B


Aliases:


iPhoneOS/Ikee.B

Malware
Worm
iPhoneOS

Summary

A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.



Disinfection & Removal

Restore the iPhone device's factory firmware via Apple iTunes.



Technical Details

Worm:iPhoneOS/Ikee.B is the second variant of the Ikee worm and the first with a clearly malicious attack.This variant is the first iPhone worm to be created with a distinct financial motivation, as it searches for and forwards financially-sensitive information stored on the iPhone. Fortunately, the control server which receives the stolen information has been taken offline. Users in a number of countries, including the Netherlands and Australia, are affected by this worm.


Infection

IKee.B only infects iPhones if:

  • The device is 'jailbroken' - hacked by the user in order to install software that hasn't been approved by Apple
  • AND an unapproved Secured Shell (SSH) application, which allows remote access to the device, has been installed
  • AND the default SSH password for the 'root' user has not been changed from the factory default ('alpine')

Users who have not jailbroken their iPhones, do have have an SSH application installed, or have changed the default SSH password are not affected.


Execution

When active on the iPhone, Ikee.B does the following:

  • Changes the root password from 'alpine' to 'ohshit'
  • Connects to a control server at 92.61.38.16 via HTTP and downloads additional components
  • Communicates banking information contained in SMS messages stored on the device to the control server.

Propagation

While active, the worm attempts to scan for other vulnerable iPhones over the Wi-Fi or 3G networks. If found, the worm proceeds to infect them.





Description Created: 2009-11-25 03:10:32.0
Description Last Modified: 2009-11-25 04:00:03.0



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.