First Malicious iPhone Worm In the Wild

An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."

In other news, idiot users get hacked

[Azureflare]

Just to clarify:

Wederom zijn het alleen gebruikers van een gejailbreakte iPhone of iPod Touch die risico lopen.

Translation: Again are the only users of an iPhone or iPod Touch gejailbreakte at risk.

In summary, if you jailbreak your phone, install apps to make your phone a server, and don't take steps to secure it, you are an idiot and deserve whatever happens.

Re:Wait a second?

[CrackedButter]

I can already do number 3 without jailbreaking my phone.

Re:Why a default password?

[Suzuran]

Jailbreaking DOES NOT install ssh by default. You have to install openssh yourself after jailbreaking.

Nope, still wrong, AT&T allows skype on 3G

[SuperKendall]

You can use Skype/VOIP over the AT&T 3G network now [tmcnet.com]