Ikee.B virus gives control of iPhones to cybercriminals

A new virus is attacking iPhones and giving control of the devices to a botnet in Lithuania.

A new virus is attacking iPhones and giving control of the devices to a botnet in Lithuania.

If infected, the phones will download and perform any commands the cybercriminals want it to in the future, according to IT security firm Sophos.

The new worm, called "Duh" or "Ikee.B", spread over the weekend. It hunts for vulnerable phones on a wide range of IP addresses.

It follows the first ever iPhone virus Ikee, which appeared two weeks ago but was only reported in Australia. The current worm includes IP ranges in several countries, including the Netherlands, Portugal, Australia, Austria and Hungary.

Sophos found that the virus also changes an iPhone's password. Researcher Paul Ducklin said the password the hackers choose is "ohshit". The company advised anyone with a hacked phone to change the root password.

Ducklin, head of technology in Sophos Asia Pacific, said, "Apple's default root password "alpine" on the iPhone breaks two fundamental rules - it is both a dictionary word and is well-known. The new worm will break in and immediately change it. This change is made by directly editing the encrypted value of the password in the master password file, so that the new password is never revealed.

"This represents an additional risk as it means that cybercriminals now know what your password is, allowing them to log back into your iPhone later, but you don't, so you cannot login and eliminate the virus."

Graham Cluley, senior technology consultant at Sophos, said, "This latest iPhone malware is doubly criminal. Not only does it break into your iPhone without permission, but it also cedes control of your phone to a botnet command server in Lithuania.

"That means your iPhone is turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised."

Read more on IT risk management