Virus

Any iPhone Can Be Infected By Spyware

So you thought your iPhone was safe from getting any worm or virus because you didn’t jailbreak it? Think again! We talked before about Ikee, iPhone/Privacy.A and other unnamed worms, but only jailbroken iPhones were vulnerable to those. Now your brand new stock iPhone may get infected too…

According to the Register:
Swiss iPhone developer Nicolas Seriot has published research on security shortcomings that could create a mechanism for hackers to lift data from regulation iPhones. Email accounts, keyboard entries held in cache and browser history files are all potentially exposed by a malicious app.

Seriot has developed a proof of concept app, called SpyPhone, in order to demonstrate how Apple’s own APIs might be misused to read or edit a user’s address book, browse web surfing history, recent GPS position and more.
The full presentation is available for download from here (pdf).

If you’re thinking that you’re still safe because Apple will never allow such an app in the App Store, then you’re wrong. As Martin Bryant reports, it seems that it’d be relatively easy to fool Apple into approving a spyware app by delaying deployment of the spyware, encrypting the payload or by using clever coding tricks.

Scary, isn’t it? Scarier still, some of these apps might already be in the App Store. Haaaaaaa! Alright, people, relax! While this is all true and possible, I highly doubt that we should worry too much for now.

Are you worried?

Warning: Your iPhone is Under Attack! Here Are Instructions on How to Get Maximum Protection

Let’s be honest, the iPhone has had a pretty long run without being the target of hackers and it’s about time it gets its share of viruses and worms.

A few weeks ago, I wrote an article showing you how to protect your iPhone against hackers. But what happens if you have already been infected? What are the symptoms, and how do you get rid of the infection?

In this article, I will show you how to figure out which worm (if any) has infected your iPhone, and how to get rid of it while making sure it never comes back.

This information was first compiled by Patrick Miller of PC World, and I adapted it for the purpose of this article.
Ikee
Ikee was the first virus to target the iPhone. The symptoms are pretty clear: it changes your wallpaper to a picture of Rick Astley. So if you see a picture of a young man with the words “ikee is never gonna give you up”, then look no further, you have been infected by the Ikee worm.

Thankfully, getting rid of Ikee is pretty simple. First you will have to download and install MobileTerminal from Cydia and reboot your iPhone. Then launch MobileTerminal and log in with your username and password under your root account. If you haven’t changed it yet (and you should), your username is “root” and your password is “alpine”.

Now run these commands. Everything is case sensitive so be very careful.

rm /bin/poc-bbot
rm /bin/sshpass
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock

These commands sometimes don’t work. That means you are infected by an alternate version of Ikee. If that’s the case, run these commands instead:

rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup.so
rm /usr/libexec/cydia/startup-helper
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

Note that if you have to remove the 4 files above, you will have to reinstall Cydia.
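
To see which of the two command lists applies before deleting anything, the check below looks for the files named above. This is an added example, not part of the original article or of PC World's instructions; the function names and the optional root-directory argument are assumptions made for illustration. Files from the second list are reported separately because, as noted above, removing them means reinstalling Cydia.

```shell
#!/bin/sh
# Added example: report which files named in the removal steps above exist
# under a filesystem root (default "/"; pass a directory to check a copy).

# Paths from the first command list on this page.
IKEE_PATHS='/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock'

# Paths from the second ("alternate version") command list on this page.
ALT_PATHS='/usr/libexec/cydia/startup
/usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist'

# list_present ROOT PATHS: print each listed path that exists under ROOT.
list_present() {
    root=${1%/}
    printf '%s\n' "$2" | while IFS= read -r p; do
        # -e follows symlinks; -L also catches dangling symlinks.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# count_present ROOT PATHS: number of listed paths present under ROOT.
count_present() {
    list_present "$1" "$2" | grep -c . || true
}

# ikee_report ROOT: print findings, then a one-word verdict on the last line.
ikee_report() {
    root=${1:-/}
    first=$(count_present "$root" "$IKEE_PATHS")
    alt=$(count_present "$root" "$ALT_PATHS")
    list_present "$root" "$IKEE_PATHS" | sed 's/^/first-list: /'
    list_present "$root" "$ALT_PATHS" | sed 's/^/second-list: /'
    if [ "$first" -gt 0 ]; then echo "first-list"
    elif [ "$alt" -gt 0 ]; then echo "second-list-only"
    else echo "none"
    fi
}

ikee_report "${1:-/}"
```

A last line of "first-list" means the first set of rm commands has something to remove; "second-list-only" means only the files from the second list were found.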
iPhone/Privacy.A
The iPhone/Privacy.A is harder to detect because it doesn’t leave any trace on your iPhone. Instead, it can be installed on any computer (even Mac OS X) and it will scan all available networks in search of a vulnerable iPhone to infect.

In order to get rid of iPhone/Privacy.A, simply update and run your antivirus. It should have no problem detecting and deleting it.
Unnamed Worm
The last worm hasn’t been named yet. You can easily figure out if you’ve been infected if your battery is running down abnormally quickly. The reason for this battery drain is that the worm is constantly running in the background in search of other iPhones to spread to over Wi-Fi. This one is pretty tricky too as it will change your default SSH password to prevent you from deleting it.

Unfortunately there is no easy fix for this unnamed worm. The only solution at this time is to restore your iPhone and set it up as a new phone (do not restore from backup).
How to Make Sure You Don’t get Infected Again
The best way to make sure you don’t get infected in the first place (or don’t get infected again) is to change your iPhone root password. You may want to refer to this tutorial on how to do this.

I hope this information will be useful to those of you who have been infected, but hopefully you won’t have to use it…

Patchulous is a virus

If you’re like me and you check the new apps in Cydia on a daily basis, you probably saw a new app called Patchulous. The description of Patchulous may be interesting for anyone having issues with cracked .ipa files:
Patchulous patches .ipa files that have a second security measure such as TextGuru or BlueSkies. This can be used for other IPAs that may come out in the future with second security measures.
I googled Patchulous and came across this thread on MMI. Here is what user ButFuq (interesting screen name!) reports about Patchulous:
immediately after installing it to 3g iphone- all cracked apps not installed through cydia were erased. it was installed through cydia.
If I were you, I would not install this app until we know more about it.

Hackers distribute Trojan as iPhone game

Beware of this Penguin.Panic.zip attachment!

A new spam email aimed at Windows users who have an iPhone has surfaced. The email, which pretends to contain the most popular iPhone game in an attachment, actually contains a Trojan horse, Troj/Agent-HNY. Although it looks like a pretty cute and funny game, it could really harm your PC.

The attachment doesn’t even execute on a Mac but it will infect your PC right away. Instead of opening the game as you would expect, a simple message pops up saying “Shoes”. Once opened, deleting the game will not help at all as it will delete other files on the system, which will cause some of your Windows processes to crash.

Do not open emails that show the following subject lines:

Virtual iPhone games!
Take a break!
Apple: The most popular game!
Virtual iPhone toys!
Beet my score! (7000 points)

Possibly more are coming so be careful. If you see an email from someone you don’t know, delete it right away. It sounds like common sense but it seems people are still being tricked by these emailed viruses.

Source: Sophos