worm – One Foot in the Mudd

Hot on the heels of the ikee worm, a second piece of iPhone-related malware has appeared, which enables hackers to connect to any device that has been jailbroken and still has an unchanged root password.

Jailbreaking is a term used to define iPhones that have been hacked by users to enable software other than that available through the App Store to be installed.

The new malware takes advantage of the same vulnerability in the iPhone as the ikee worm and has been dubbed iPhone/Privacy.A by Mac security software house, Intego, which first discovered its existence.

The company explained on its blog that hackers use the tool by installing it on either their own or compromised third-party Macs, PCs, Unix and Linux-based machines – or even on iPhones themselves. The program scans networks that are accessible to it and, when it finds a jailbroken iPhone, breaks into it, steals data including email, contacts and music files, and copies them.

Unlike the ikee worm, which indicates its presence by changing the iPhone’s wallpaper, there is no obvious sign that Privacy.A has been installed. Standard, non-jailbroken, iPhones are not at risk but estimates suggest that between six and eight per cent of all such devices are jailbroken.

Intego indicated that it was not possible to protect iPhones from exploitation by the tool at this time and therefore advised users to stick to stock configurations or risk exposing themselves to known vulnerabilities being exploited by code circulating in the wild. The supplier has developed VirusBarrier X5 to detect and eradicate the hacker tool on potential host Macs, however.

The release of Privacy.A comes the day after a poll by security software vendor Sophos indicated that a huge three-quarters of respondents believed that the Australian student who wrote the ikee worm was justified because he helped raised awareness of security issues.

But Graham Cluley, senior technology consultant at the vendor, was proved right in saying at the time that the move had let the genie out of the bottle, increasing the likelihood of others writing “a far more dangerous version of the worm, which could have a much more dangerous payload”.

http://www.v3.co.uk/v3/news/2252939/iphone-malware-spotted

A general word of caution to all facebook users- considering its one of the most popular social networking sites, i guess is a general caution to all.

There are several worms doing the rounds on facebook – the most recent of them being the koobface.
the modus operandi is the same- send a link through a message, considering its coming from a friend, you tend to visit it, after that it downloads a trojan onto the system. Now the scary part is that its using the macromedia / activex route to run this exploit.
its asking for the update, its downloading a worm onto the system, and then when you visit facebook the next time, it gets your username / password and replicates itself. from the facebook account. It has appeared to have been more complext through a greater level of automation than before. So next time a message comes from a friend, please check the message before visitng the site.

More :
http://news.cnet.com/facebook-fights-new-koobface-worm-another-rogue-app/
http://www.techcrunch.com/2008/08/07/elaborate-facebook-worm-virus-spreading/

Category: worm

#Security #Alert #Apple New iPhone malware spotted

Facebook Worm!