
http://pandalabs.pandasecurity.com/archive/This-way-works-the-worm-for-iPhone.aspx

Dec 10

We have created a video on how the iPhone/Eeki worm targeting iPhones works.

You can see it here:

As you can see in the video, this malware first checks it is not already running on the device. To do so, it checks whether the following file exists:

/var/lock/bbot.lock

This may help you find out whether you are infected: if this file is on your device, the worm is there.
Next, it changes the device host and stops the SSH daemon.
It then tries to spread across the subnet the phone is connected to and tries to create a random IP range. It tries pre-established ranges corresponding to certain companies’ IP addresses:

[Image: IPs]

Once the IP address is created, it remotely accesses the jailbroken iPhone device, establishing an SSH connection and using the default root key, included in all iPhoneOS devices (1G, 2G and 3G iPhone and iPod touch devices). If access is denied, it tries to create a random IP again and repeats the process until it obtains a valid IP from a vulnerable victim.

Once the victim is found with the previous credentials, it obtains a remote session and copies itself to the affected phone, adding:

/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
/System/Library/LaunchDaemons/com.ikey.bbot.plist

to run on restart.

It stops the SSH service that has caused the infection. Finally, it copies a photo of Rick Astley and uses the image as the device wallpaper.

[Image: WallPaper]
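The lock file and the two LaunchDaemons entries described above can be checked for directly. The script below is an added example, not code from PandaLabs or from the worm; the function names, the role labels and the idea of pointing it at a mounted filesystem copy instead of `/` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the three paths named in this post under a
# filesystem root. ROOT is "/" on the device itself, or the mount point of
# an extracted filesystem copy (assumption: the copy keeps the same layout).

# Prints "role<TAB>path" for every indicator present.
# Exit status is grep-style: 0 = at least one indicator found, 1 = none.
eeki_check() {
    root=${1:-/}
    root=${root%/}               # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=1
    while read -r role path; do
        # -L also catches a dangling symlink left at the indicator path
        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
            printf '%s\t%s\n' "$role" "$path"
            found=0
        fi
    done <<EOF
mutex /var/lock/bbot.lock
persistence /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
persistence /System/Library/LaunchDaemons/com.ikey.bbot.plist
EOF
    return "$found"
}

# Constructed sample tree (not real device data) so the check can be tried
# offline: it contains the lock file and one of the two plists.
eeki_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/lock" "$d/System/Library/LaunchDaemons"
    : > "$d/var/lock/bbot.lock"
    : > "$d/System/Library/LaunchDaemons/com.ikey.bbot.plist"
    printf '%s\n' "$d"
}

# Usage: sh eeki_check.sh /      (or a mount point); no argument = do nothing
if [ $# -gt 0 ]; then
    eeki_check "$1"
fi
```
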

“Thanks to Gorka Ramírez and Francisco Berenguer for the information and the video.”
