Worm inflicts Rick Astley wallpaper on jailbroken iPhones
The first worm targeting Apple's iPhone is alive and spreading in the wild. But most iPhone owners need not worry about it.
The worm, known as Ikee, is as malware goes, pretty harmless in that all it does is change the lock screen wallpaper to a picture of 80's signer Rick Astleybefore looking for other devices to infect. Users who try to un-Rickroll themselves by changing the wallpaper back to the one they want find that Astley is back when the iPhone restarts.
Note: The name comes from the message displayed on the wallpaper: "ikee is never going to give you up."
Most iPhones are safe from Ikee because the malicious code can only run on devices that have been jailbrokento allow it to run unofficial code. On top of that SSH (Secure Shell) must be installed and the password must be the default one - "alpine."
"Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm," said Graham Cluley, a technology consultant with security vendor Sophos. "Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload." Right now there are four variants of Ikee, none of which are harmful.
There's a fair bit of discussion on Ikee on the popular Australian forum Whirlpool.
As a side note, Cluley seems to have uncovered a fair bit of information on the person who wrote the worm.
So far there are no reports of Ikee infection outside of Australia.
Bottom line, if you don't know what you are doing, and understand the consequences of your actions, jailbreaking an iPhone isn't something you should be doing. If you've got a jailbroken iPhone then you should change the root password as soon as possible.
Removing Ikee
Here are instructions on how to remove Ikee variants
Variants A, B and C
- Remove: /bin/poc-bbot
- Remove: /bin/sshpass
- Remove: /var/log/youcanbeclosertogod.jpg
- Remove: /var/mobile/LockBackground.jpg
- Remove: /System/Library/LaunchDaemons/com.ikey.bbot.plist
- Remove: /var/lock/bbot.lock
- Reboot the iPhone, reinstall SSH and change the default root password
Variant D
- Remove: /usr/libexec/cydia/startup
- Remove: /usr/libexec/cydia/startup.so
- Remove: /usr/libexec/cydia/startup-helper
- Remove: /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
- Reinstall Cydia from the terminal as follows: Su root alpine get-app remove cydia get-app install cydia
- Reboot the iPhone and change the default root password