updated 01:45 pm EST, Mon November 23, 2009
Code works in similar way to recent 5 Euro scam
A new worm has begun targeting iPhones and iPod touches, however it only appears to attack jailbroken devices, according to the security company Sophos. The worm, which works in a similar way to the recent 5 Euro scam, was reportedly discovered after a Dutch ISP noticed unusually high volumes of data traffic.
Unlike the earlier extortion scheme and a separate Rick Astley worm, the latest virus utilizes command-and-control code that allows hackers to access personal information. A variety of IP ranges have been targeted, leaving ISPs such as UPC, Optus and T-Mobile vulnerable. Any stolen data is then uploaded to a Lithuanian server, while each device is assigned a unique ID as a reference for the attackers.
Creators of earlier worms had warned users to change the default root password from the default of "alpine." The malicious worm takes advantage of this vulnerability by changing the password to prevent the user from securing the device.
Although the intent of the worm is unclear, it apparently searches for mTANs authentication messages which contain one-time passwords for bank logins.
Owners of jailbroken iPhones may notice extremely short battery life after infection when connected to Wi-Fi networks. Users can also check to verify that the root password is still "alpine." If it has been changed, Sophos blogger Paul Ducklin has posted the alleged new password.