Third iPhone worm targets jailbroken iPhones

From InfoWorld: Another week, another worm hitting jailbroken iPhones. As with the previous exploits, which Rickrolled your phone's wallpaper and stole your data, this nasty piece of work burrows its way into your jailbroken device if you haven't changed the password for the iPhone's root account -- you have changed your root password, right? Right?

A source who's seen the worm in the wild tells Macworld that, after compromising the phone, the worm goes on to replace the phone's copy of the SSH remote log-in software, changes the root password (so you can't stop the worm without wiping the phone), skims your SMS database, checks in with its Lithuania-based overlords via the network, and then starts running a piece of software that searches for other vulnerable phones on both the local network and known IP address ranges of specific Internet Service Providers (mostly European). Somebody should have told the worm that nobody likes overachievers.

Our source also told us that though the worm seems to include code for uploading the SMS database to the worm's creators, it wasn't active in the version he saw. However, the worm can also download further files over the network, meaning it could potentially add other attack capabilities.

For users, the main visible symptom seems to be intense battery drain as a result of the constantly-running SSH-attacking process that the worm starts. Apparently, the reduction in battery life has been so severe that it's even caused some infected users to wipe and restore their handsets without even realizing that the worm was installed.

View: Article @ Source Site