A new virus is attackingiPhonesand giving control of the devices to a botnet
in Lithuania.
If infected, the phones will download and perform any commands
the cybercriminals want it to in the future, according to IT
security firm Sophos.
The new worm, called "Duh" or "Ikee.B", spread over the weekend.
It hunts for vulnerable phones on a wide range of IP addresses.
It follows the first ever
iPhone virus Ikee, which appeared two weeks ago but was only
reported in Australia. The current worm includes IP ranges in
several countries, including the Netherlands, Portugal, Australia,
Austria and Hungary.
Sophos found that the virus also changes an iPhone's password.
Researcher Paul Ducklin said the password the hackers choose is
"ohshit". The company advised anyone with a hacked phone to
change the root
password.
Ducklin, head of technology in Sophos Asia Pacific, said,
"Apple's default root password "alpine" on the iPhone breaks two
fundamental rules - it is both a dictionary word and is well-known.
The new worm will break in and immediately change it. This change
is made by directly editing the encrypted value of the password in
the master password file, so that the new password is never
revealed.
"This represents an additional risk as it means that
cybercriminals now know what your password is, allowing them to log
back into your iPhone later, but you don't, so you cannot login and
eliminate the virus."
Graham Cluley, senior technology consultant at Sophos, said,
"This latest iPhone malware is doubly criminal. Not only does it
break into your iPhone without permission, but it also cedes
control of your phone to a botnet command server in Lithuania.
"That means your iPhone is turned into a zombie, ready to
download and to perform any commands the cybercriminals might want
in the future. If infected, you have to consider all of the data
that passes through your iPhone compromised."