First iPhone Trojan in the wild

Tom Espiner, ZDNetUK | January 8, 2008 11:26 AM PST

Summary

The long-awaited first Trojan for Apple's iPhone arrived and left its shoe print. When installed, the Trojan displays the word "shoes" on the screen.
The first warnings about the Trojan were posted on Saturday on the iPhone modification forum ModMyiFone.com, said security vendor F-Secure. When installed, the Trojan appeared to do nothing more than display the word "shoes", according to the ModMyiFone post.

However, when a user attempted to uninstall the malicious code, the application wiped files from the /bin directory, breaking "Erica's Utilities" such as sendfile. Erica's Utilities are a collection of command-line utilities for the iPhone, according to security vendor Symantec, which warned on Monday that the Trojan also overwrites OpenSSH, an open-source encryption protocol.

The Trojan, known as "iPhone firmware 1.1.3 prep", or "113 prep", is the first to be seen in the wild, according to Symantec researcher Orla Cox.

"This is technically the first Trojan horse seen for the iPhone; however, it does appear to be more of a prank than an actual threat," Cox wrote in a blog post. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect."

Affected users need to uninstall the Trojan and reinstall affected files, according to Symantec. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline, wrote Cox.

Both Symantec and F-Secure warned that users should be cautious when installing third-party iPhone applications. Apple warned in September last year that its own updates could break unlocked iPhones running unofficial iPhone software.

50 Comments

So let me get this straight...
olePigeon 8th Jan 2008
So let me get this straight, first you have to jail break the iPhone, then you have to
download the program, then you have to install it onto the iPhone. It also doesn't hurt
the iPhone in any way, but it removes a directory containing 3rd party utilities (and
apparently accidentally?)
0 Votes
+ -
The story forgot a few things
Timpraetor 8th Jan 2008
You have to be standing on a corner in Pittsburg wearing a green and red rubber suit while surfing phrack sites looking for a bluebox tone generator so you can place a call to India on Sunday. Seems to me that you'd need to go way out of your way to get this thing onto your phone.

Has anyone actually seen it, or are we facing another "security alert" that's designed to get us to buy more security software? FUD, FUD, FUD. It's really easy for an industry group member like F-Secure or Symantec to publicize a trojan that's no longer available since the average Jane can't disprove the claims... I wonder when F-Secure, Symantec and the others offer their "iProtection Suite[tm]". Hey, you better buy more security software, or you'll be sorry.
0 Votes
+ -
you forget
ivanotter 8th Jan 2008
Viri usually start out as harmless prank viruses (I remember the one for DOS I think it was, that caused your computer to play a Sousa march. the very American one...forget what it was (da da dee da da ee da da da...). Harmless but annoying. But they got worse from there. These are more "proof of concept" kind of things, to show they CAN get into it. What if they decided to make it delete the core directory instead? posted on a forum, common way to xfer stuff like this initially. I think someone was testing the waters before delving into something a little more serious
0 Votes
+ -
Let's see....
MarcB_z 9th Jan 2008
If I intentionally jailbreak my product using unauthorized software and use it to intentionally install more unauthorized software from a questionable source, something bad might happen?

Um, ..... duh?
0 Votes
+ -
re-read the story, bud
nancyjones36507@... 9th Jan 2008
the only mention of jailbreak-ed phones running unauthorized software was a separate paragraph about an apple advisory that came out last september. This is something different.

And yeah, now that it's been done, look for more.
0 Votes
+ -
Jailbreak
Too_Busy_To_Be_Here 9th Jan 2008
Well, since you can't install 3rd-party software without jailbreaking your iPhone I guess it would be assumed it had already been broken.
0 Votes
+ -
Yes, exactly
Timpraetor 9th Jan 2008
NT
  • Flagged
0 Votes
+ -
Uh, I didn't realize Bud checked in,
Timpraetor 9th Jan 2008
But to install this trojan, you'd need to "jailbreak" the iPhone. Plus, from the description, it sounds like this trojan was disguised as a jailbreak update.

As for there being more, there's still no 3rd party corroboration that the thing even exists in the first place. Only the FUD from the security software firms (which was the purpose of my original comment).
0 Votes
+ -
And yes, I think someone is testing the waters.
-S
0 Votes
+ -
Early PC virii?
filker0 9th Jan 2008
The earliest PC virus I ever encountered (1983-1986?) was a floppy boot sector virus that caused random floppy writes to be thrown away "silently", thus randomly corrupting your disk. Once the hard drives were out for PCs, a flavor of this virus also did this for HD writes. If I recall correctly, it would only start acting up after some number of boots had passed (no non-volatile clock/calendar on early PC and PC-XTs), thus ensuring that it would have a lot of chances to infect diskettes.

The random failing looked, to the casual observer with sufficiently good tools, like a possible hardware problem.

Someone duplicated this virus for the Atari ST as well. Nasty bit of business that one -- I was bitten badly when a diskette I had taken to a LUG meeting with a demo of some software my employer was developing got infected. It corrupted the FAT on my 20MB SCSI drive, and I lost a lot of stuff (LSE enhanced MicroEmacs with a C like scripting language, several MIDI programs, and a very sophisticated disk defragmenter/optimizer) that I had developed at home and had not backed up. That was 1988.
0 Votes
+ -
I miss the fun virii...
Too_Busy_To_Be_Here 9th Jan 2008
you know...the cool ones that would flip your screen upside down or make your CD drive open and close randomly...
0 Votes
+ -
your iPhone is now stoned
jckatz 9th Jan 2008
I still have that on disk somewhere, just need to find a 5 1/4 drive to infect someone with it.
0 Votes
+ -
I believe the Sousa song is the Washington Post March.

Wikipedia's article has a link to a midi file of it.

http://en.wikipedia.org/wiki/The_Washington_Post_(march)

Just in case not knowing was bothering you... wink

Ima
0 Votes
+ -
I've got a MacBook Pro and several iPods - as well as both Windows and Linux desktops and laptops I either own or am responsible for. While I love Apple products and consider them somewhat inherently safer than Windows products, I'm also aware there's no such thing as a 100% bulletproof system - and Apple users HAVE gotten complacent in the last few years.

Though it sounds like there's a several-step process to catch this Trojan, I can't help but remember the IT Guy's bromide, "Social engineering - b/c there's no patch for human stupidity." If the Bad Guys figure out some clever way of convincing iPhone users they really, REALLY need what this Trojan pretends to be, then there are thousands of iPhone users who will be just stupid enough to obediently follow along and infect themselves.... :/
0 Votes
+ -
ROFL
Aragorn_z 9th Jan 2008
Great post!
0 Votes
+ -
Ya, it's always one big laugh...
Cayble 9th Jan 2008
When an Apple product gets a virus or Trojan, or heaven forbid reports a vulnerability. But if someone mentions an obscure vulnerability in Chinese versions of Excel...then look out because that's hard core proof that MS products are a security sieve.

Everyone here gets a laugh out of the fact that you have to crack the iPhone first to even get this virus, not like it's going to be a popular habit for many iPhone owners.

The fact is that as soon as you get any product as popular as an iPhone you are going to have many people wanting to install and use third party applications. So the best you can do is point and laugh at the people who do it because it will inevitably make them more vulnerable to attacks through third party software. But one thing for sure, if you are going to act like it's some kind of rare or odd thing to do you will be wrong on that count.

Count on it happening more and more often the longer the iPhone is around. Count on the fact that some lunatic is already working on how the "big one" will make an impact. And we all know, when it comes to this kind of thing, when there is a first one, there is always a second one sooner or later.
0 Votes
+ -
What is it that I heard once
GuidingLight 9th Jan 2008
that 50% the people "first in line" for any new software product are hackers and virus writers?
0 Votes
+ -
First virus I ever got was from Apple.
baldwinleo@... 11th Jan 2008
We had an Apple Lisa and Apple send us some beta Mac software to test out. It came with a big warning to remove it by such and such a date. We installed it, played with it, and forgot about it. The date came by and the Apple beta-Mac software wiped the Lisa HD clean. Not just the beta-Mac stuff, the entire disk. Thanks a lot, Apple! Well, that Lisa was there for Lisa and Mac SW development; after that we did not do any more development for Apple.
0 Votes
+ -
the brains of the outfit
Hogleg 9th Jan 2008
wow. this one must be a genius. As long as Apple keeps on putting out commercials that indicate they are hack proof, morons will buy into it, and be hurt by trojans like this.

Other than that, you have it straight. Obviously it has happened to someone, or it wouldn't be called "In the wild". Any more dumb questions?
0 Votes
+ -
RE: First iPhone Trojan in the wild
Loverock Davidson 8th Jan 2008
LOL! Suckers! Yet another reason not to get the iPhone, as if the price wasn't enough.
0 Votes
+ -
Biggest POS on the planet.
0 Votes
+ -
ORLY?
ivanotter 8th Jan 2008
that's odd, my Mogul is QUITE nice. HTC was even kind enough to have a free program that allows me to make my own ringtones, and close programs within the Today screen (my big pet peeve with PPC is the fact I have to go to memory to shut down programs. Problem solved). Program is called XButton, for those interested.

PALM is dead. Had 2 (3 if you count non phone). Ok, but not great. Its aged. Only thing I liked more about the 700P was the battery...ok strike that, it doesn't have that much better battery life either.

Since I don't own an overpriced piece of proprietaries called an iPhone, I can do what I want with my phone. Without worrying about apple frying my phone.

Yes, Pocket PC is SOOOOOOOOOO horrible...
0 Votes
+ -
Nah, that would not be a Windows Phone
GuidingLight 9th Jan 2008
that would be the iPhone. You know, the ones with the unresponsive/dead screens and other issues now showing up less than six months after its release.
0 Votes
+ -
Ya, Let's do that.
Cayble 9th Jan 2008
At significantly less than half of what an iPhone costs my HTC may not have a ton of memory at 2 gig, but it plays music, plays video, takes pictures or video, handles documents, Excel, Powerpoint, pdf, handles email and text messaging great, has a fairly large screen with a full qwerty keyboard, records voice, can use voice commands, plays games, has wireless and bluetooth, is a great phone and is a fairly compact and thin unit but has very solid quality construction. Ya. Let's get a Windows Mobile Phone.
0 Votes
+ -
Windows Mobile
kwsjr82 10th Jan 2008
How can you say that about WM; have you used one lately? I'm not preaching about them, just asking is all. I can say that I have, although I don't own one (A bit pricey, and my regular phone works just dandy for me) - And it certainly wasn't a POS.....Can't say the same for the iPhone, because I haven't used one (And I'm not sure that I will, to be honest).

I agree with a lot of people - This is just the calm before the storm with the trojan writers - You know it as well as we do.

The thing I'd like to know, is how long until they start going after "other things by Apple"?

Just my .02, mind you.....
0 Votes
+ -
RE: First iPhone Trojan in the wild
alpadilla2878@... 8th Jan 2008
thanks for the update, everyone should always take heed to these important notices concerning virus/trojans... again thanks for the info
Windows Mobile seems to be immune from this trojan. Great news!
0 Votes
+ -
My iPhone
frgough 9th Jan 2008
is also immune.
That is simply undeniable. Your iPhone is NOT immune although your personal security practices may make your chances of getting this malware quite small. Gee, kind of like me with Windows. happy
0 Votes
+ -
Um, well, NO, actually
MarcB_z 10th Jan 2008
The so-called malware is actually no longer available. The REAL story is somewhat humorous. I found it, I bet you can too if you put your mind to it.

OBTW, I heard that if you take a cell phone and throw it on the ground hard enough, it often breaks.
This is one of those "social engineering" trojans -- you get tricked into downloading and installing it. Yes, the platform it targets is the iPhone, but you can bet your penultimate dollar that, if your Windows Mobile device allows you to install any software at all that can modify the contents of the file system, a similar trojan can be written for it as well.

This trojan does not exploit an inherant flaw in the iPhone platform, it exploits an inherant flaw in the user.

Note: I don't have an iPhone, nor do I intend to get one. I'm not a Mac zombie -- I do own a Mac Mini (PPC based), but it's not my most powerful machine. Heck, I even now have a system running Vista, though I intend to upgrade that to XP when I have a chance.
Jus' lurv dis post, dis mun him got some insight wisdum...but wot he ain't got (along wid all dose udder material pOzzeshuns is a DICOSHUNAIRY. Enjoying so far? Ah shure is gettin' a kick outa dis fake carabeen style linguistics.
No really just wanted to point out that the word inherent is spelled with an e twixt r and n! Why are not spellcheckers as ubiquitous as trojuns?!
And I do go along with the no need for that extraneously luxury product, just gimme some good basic translucent, high energy products to help me run my digItal lifestyle!
0 Votes
+ -
So let me get this straight...
TheTallGuy 9th Jan 2008
are you saying it's a conspiracy of some sort? O_o
0 Votes
+ -
It MUST be!!!
Chippolus 9th Jan 2008
How else could anything remotely negative be said about the Sacred Benevolent Apple Society? The fact that it is one weenie trojan that you have to find, and install, does nothing to quell the ire he feels as he lunges to defend the hive!
lol
0 Votes
+ -
RE: First iPhone Trojan in the wild
stanmorgan@... 9th Jan 2008
This is only the beginning, given technology such as J2MEE or midlets may be employed in the future to attack cell phones with small footprints. Check out www.nvo.com/stanmorgan for the latest on malware, trojan horses, and the future danger.
0 Votes
+ -
RE: First iPhone Trojan in the wild
Tech-Fun 9th Jan 2008
Did they mean OpenSSL or OpenSSH? The description sounds like OpenSSL more than OpenSSH. And if it's OpenSSH, was the OpenSSH client or the server overwritten? The potential damage that could do is dangerous.
0 Votes
+ -
Unfair to Trojans
mollenhourb@... 9th Jan 2008
Isn't calling these things "Trojans" a bit unfair to the good people of Troy? I mean
come on, haven't they dealt with the whole Trojan Horse stigma long enough? Why
aren't they called Spartans, or Caucasians (for people from the Caucasus), etc.?
Perhaps instead of attacking a racial group, we should name these things for groups
who choose to be who they are, like "politicians", or something like that.
0 Votes
+ -
Greekian Horse
perryroyce@... 9th Jan 2008
Since it was the Greeks that built the first horse wouldn't it be more accurate to refer to it as a "Greekian Horse"?
R
0 Votes
+ -
no.
Spiritusindomit@... 9th Jan 2008
Grecian.
0 Votes
+ -
iP what????
arts@... 9th Jan 2008
the best bet is to use a miphone not iphone
0 Votes
+ -
Can't argue with you there
seannj427 9th Jan 2008
you're right. My treo 700Wx is a total PITA as a phone. As a PDA it's good (for me).
-S
0 Votes
+ -
RE: First iPhone Trojan in the wild
led_zepplin9@... 9th Jan 2008
lmao .... if a person is that stupid to download **** from 3rd parties they don't know then they shouldn't have an iphone
0 Votes
+ -
The first of many
Crestview 9th Jan 2008
to follow. Each one will get worse. bye-phone...
0 Votes
+ -
Message has been deleted.
JABBER_WOLF Updated - 10th Jan 2008
0 Votes
+ -
Blissful Appleness
blaizes@... 9th Jan 2008
TY for reporting. If anyone thinks any OS is invincible - very wrong. Type of person to create viruses - do so for challenge/amusement. More Apple products - will produce individuals finding ways to break through. Keep an eye on those who may sabotage.
0 Votes
+ -
It's a Trojan, not a virus
geoff@... 9th Jan 2008
Trojan horses need the user to install them. They masquerade as a good thing but are a bad thing.

Viruses spread and replicate themselves without needing user knowledge or participation.

It's not news that there are Trojans for the iPhone, but this is the first publicly known one. This makes it newsworthy. There is no security suite that will prevent you from shooting your own foot.
0 Votes
+ -
Bound to happen
John Musbach 9th Jan 2008
The iPhone is essentially a full featured computer running a non multiuser operating system which makes it easy to exploit. As the iPhone further increases popularity I wouldn't be surprised if these pieces of malware increase in population forcing Apple to eventually do something about it. But for the time being we can all breathe a sigh of relief as our iPhones are still safe... happy

- John Musbach
0 Votes
+ -
RE: First iPhone Trojan in the wild
pieter.hartzenberg@... 10th Jan 2008
I would buy this phone even if apple shipped it with this Trojan!!!

Long live Steve Jobs
0 Votes
+ -
Time for a trojan and virus contest
Boot_Agnostic 13th Jan 2008
there are so many, it's a guarantee that is 'popular' enough to get several more. Now Symbian can breathe easier, it won't be alone.
0 Votes
+ -
RE: First iPhone Trojan in the wild
marswoo@... 25th Jan 2008
As I've said again and again, people should not tinker on their iPhone nor install software that does not come from Apple.

Mars M.
http://www.iphone-codes.com
