First iPhone Trojan in the wild
However, when a user attempted to uninstall the malicious code, the application wiped files from the /bin directory, breaking "Erica's Utilities" such as sendfile. Erica's Utilities are a collection of command-line utilities for the iPhone, according to security vendor Symantec, which warned on Monday that the Trojan also overwrites OpenSSH, the open-source implementation of the SSH secure remote-login software.
The Trojan, known as "iPhone firmware 1.1.3 prep", or "113 prep", is the first to be seen in the wild, according to Symantec researcher Orla Cox.
"This is technically the first Trojan horse seen for the iPhone; however, it does appear to be more of a prank than an actual threat," Cox wrote in a blog post. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect."
Affected users need to uninstall the Trojan and reinstall the affected files, according to Symantec. The risk to users is minimal, as they would have to choose to install the bogus package, and the site which was hosting it has now been taken offline, wrote Cox.
Both Symantec and F-Secure warned that users should be cautious when installing third-party iPhone applications. Apple warned in September last year that its own updates could break unlocked iPhones running unofficial iPhone software.
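The practical lesson of the story is that a third-party package's uninstall step ran with enough privilege to delete and overwrite files under /bin, and that the only way to know what to reinstall afterwards is to know what was there before. The script below is an added example, not code from the article, Symantec, F-Secure or the Trojan's author: it records a hash manifest of a binaries directory before an untrusted package is installed and diffs the directory against that manifest afterwards, reporting each missing or changed file. It runs offline against a constructed sandbox directory that stands in for /bin; the file names sendfile, sshd and ls, and the simulated "uninstall" that deletes one and overwrites another, are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the ZDNet article): snapshot a directory of
# binaries before installing an untrusted package, then verify it afterwards
# to spot files that a rogue install/uninstall hook removed or overwrote.
# A constructed temporary directory stands in for the real /bin.

hash_file() {
    # Print the SHA-256 of one file; fall back to shasum where sha256sum is absent.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

snapshot_dir() {
    # snapshot_dir DIR MANIFEST: write "sha256  path" for every regular file in DIR.
    dir=$1; out=$2
    : > "$out"
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f" >> "$out"
    done
}

verify_snapshot() {
    # verify_snapshot MANIFEST: print one line per missing or changed file;
    # return 1 if anything differs, 0 if the directory matches the snapshot.
    manifest=$1; rc=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(hash_file "$path")" != "$sum" ]; then
            echo "CHANGED  $path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

demo() {
    # Constructed sandbox: a fake bin/ with three stand-in tools (assumed names).
    sandbox=$(mktemp -d)
    mkdir "$sandbox/bin"
    printf 'echo sendfile\n' > "$sandbox/bin/sendfile"
    printf 'echo sshd\n'     > "$sandbox/bin/sshd"
    printf 'echo ls\n'       > "$sandbox/bin/ls"
    snapshot_dir "$sandbox/bin" "$sandbox/manifest"

    # Simulate what the article describes: the package's uninstall step wipes
    # a utility from bin/ and overwrites the SSH daemon with its own copy.
    rm "$sandbox/bin/sendfile"
    printf 'echo trojaned\n' > "$sandbox/bin/sshd"

    if verify_snapshot "$sandbox/manifest"; then rc=0; else rc=1; fi
    rm -rf "$sandbox"
    return $rc
}

if demo; then
    echo "no differences: nothing to reinstall"
else
    echo "the package damaged the binaries directory; reinstall the files listed above"
fi
```

Run it once before installing a package to produce the manifest, and again after installing or uninstalling; the MISSING and CHANGED lines are exactly the list of files to reinstall. A manifest kept on the device can itself be overwritten by the same hook, so store it off the phone.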
Talkback (most recent of 50)
So let me get this straight...
So let me get this straight, first you have to jailbreak the iPhone, then you have to download the program, then you have to install it onto the iPhone. It also doesn't hurt the iPhone in any way, but it removes a directory containing 3rd party utilities (and apparently accidentally?)
olePigeon, 8th Jan 2008
The story forgot a few things
You have to be standing on a corner in Pittsburg wearing a green and red rubber suit while surfing phrack sites looking for a bluebox tone generator so you can place a call to India on Sunday. Seems to me that you'd need to go way out of your way to get this thing onto your phone.
Has anyone actually seen it, or are we facing another "security alert" that's designed to get us to buy more security software? FUD, FUD, FUD. It's really easy for an industry group member like F-Secure or Symantec to publicize a trojan that's no longer available since the average Jane can't disprove the claims... I wonder when F-Secure, Symantec and the others offer their "iProtection Suite[tm]". Hey, you better buy more security software, or you'll be sorry.
Timpraetor, 8th Jan 2008
you forget
Viruses usually start out as harmless prank viruses (I remember the one for DOS, I think it was, that caused your computer to play a Sousa march, the very American one... forget what it was (da da dee da da ee da da da...). Harmless but annoying. But they got worse from there. These are more "proof of concept" kind of things, to show they CAN get into it. What if they decided to make it delete the core directory instead? Posted on a forum, common way to xfer stuff like this initially. I think someone was testing the waters before delving into something a little more serious.
ivanotter, 8th Jan 2008
Let's see....
If I intentionally jailbreak my product using unauthorized software and use it to intentionally install more unauthorized software from a questionable source, something bad might happen?
Um, ..... duh?
MarcB_z, 9th Jan 2008
re-read the story, bud
The only mention of jailbroken phones running unauthorized software was a separate paragraph about an Apple advisory that came out last September. This is something different.
And yeah, now that it's been done, look for more.
nancyjones36507@..., 9th Jan 2008
Jailbreak
Well, since you can't install 3rd-party software without jailbreaking your iPhone I guess it would be assumed it had already been broken.
Too_Busy_To_Be_Here, 9th Jan 2008
Yes, exactly
NT
Timpraetor, 9th Jan 2008
Uh, I didn't realize Bud checked in,
But to install this trojan, you'd need to "jailbreak" the iPhone. Plus, from the description, it sounds like this trojan was disguised as a jailbreak update.
As for there being more, there's still no 3rd party corroboration that the thing even exists in the first place. Only the FUD from the security software firms (which was the purpose of my original comment).
Timpraetor, 9th Jan 2008
The march was: "Stars and Stripes Forever"
And yes, I think someone is testing the waters.
-S
seannj427, 9th Jan 2008
Early PC virii?
The earliest PC virus I ever encountered (1983-1986?) was a floppy boot sector virus that caused random floppy writes to be thrown away "silently", thus randomly corrupting your disk. Once the hard drives were out for PCs, a flavor of this virus also did this for HD writes. If I recall correctly, it would only start acting up after some number of boots had passed (no non-volatile clock/calendar on early PC and PC-XTs), thus ensuring that it would have a lot of chances to infect diskettes.
The random failing looked, to the casual observer with sufficiently good tools, like a possible hardware problem.
Someone duplicated this virus for the Atari ST as well. Nasty bit of business that one -- I was bitten badly when a diskette I had taken to a LUG meeting with a demo of some software my employer was developing got infected. It corrupted the FAT on my 20MB SCSI drive, and I lost a lot of stuff (LSE enhanced MicroEmacs with a C-like scripting language, several MIDI programs, and a very sophisticated disk defragmenter/optimizer) that I had developed at home and had not backed up. That was 1988.
filker0, 9th Jan 2008
I miss the fun virii...
you know...the cool ones that would flip your screen upside down or make your CD drive open and close randomly...
Too_Busy_To_Be_Here, 9th Jan 2008
Your iPhone is now stoned
I still have that on disk somewhere, just need to find a 5 1/4 drive to infect someone with it.
jckatz, 9th Jan 2008
OT: the song is the washington post march
I believe the Sousa song is the Washington Post March.
Wikipedia's article has a link to a midi file of it.
http://en.wikipedia.org/wiki/The_Washington_Post_(march)
Just in case not knowing was bothering you...
Ima
Ima Sudonim, 9th Jan 2008
Pranking as Testing the Waters IS a Common Trick
I've got a MacBook Pro and several iPods - as well as both Windows and Linux desktops and laptops I either own or am responsible for. While I love Apple products and consider them somewhat inherently safer than Windows products, I'm also aware there's no such thing as a 100% bulletproof system - and Apple users HAVE gotten complacent in the last few years.
Though it sounds like there's a several-step process to catch this Trojan, I can't help but remember the IT Guy's bromide, "Social engineering - b/c there's no patch for human stupidity." If the Bad Guys figure out some clever way of convincing iPhone users they really, REALLY need what this Trojan pretends to be, then there are thousands of iPhone users who will be just stupid enough to obediently follow along and infect themselves.... :/
drprodny, 9th Jan 2008
ROFL
Great post!
Aragorn_z, 9th Jan 2008