BBC is running an article which reports the first ever worm on the iPhone. It is important to note that this worm does not affect all iPhones. Only jail-broken iPhones are vulnerable to this problem. Moreover, not all jail-broken iPhones are vulnerable: only the jail-broken iPhones whose root password is left as the default ('alpine') after installing SSH are vulnerable. This worm will not spread to phones where the default password has been changed to something else.
So, in a way this is a dumb virus which relies on a known root password. But the reality is that many people do not change (or do not know how to change) their default password. The current form of the worm is not harmful; it just changes the wallpaper. But the author has released the source code of the worm, and this can lead to a harmful virus in the future using the same technique.
Update: There is already a second worm named "iPhone/Privacy" which uses the same technique as the above. This worm is a harmful one. It steals personal data, like e-mails and contacts, without the knowledge of the user. See this article.
Tuesday, November 10, 2009
Thursday, April 9, 2009
Conficker is paging home...
In case you do not know about Conficker (a.k.a. Downup/Downadup), it is the most widespread virus to date. It propagates by exploiting a vulnerability in Windows. The estimated number of computers that this virus has affected ranges from 9 million to 15 million (according to different security teams). Microsoft announced a $25,000 reward for any information that will lead to finding the creators of this virus, but nobody has been successful so far because the code is very obfuscated. See the wiki page for more information on this.
The interesting part is that the malicious action to be performed by this virus is not hardwired into it. First it just spreads and forms a big botnet (a network of affected machines). It has the capability to download a payload (the action to be performed) later and execute it. It has an interesting way of downloading the payload: the 'D' variant of this virus generates a pool of 50,000 domains every day, randomly picks 500 of them and looks there for the payload. Many experts believed that this virus would download the payload on the 1st of April, signifying April Fools' Day, but nothing happened on that day. It really made a fool out of the experts :)
A week after April Fools' Day, this virus seems to be actively downloading a payload. It is downloading it from the Waledac botnet, which is a botnet known for data theft and spamming. Slashdot is running an article on this which points to this article. Here is one more article about this activity from Trend Micro and one more from ZDNet.
Update: CNET has an article which mentions that this virus installs fake antivirus software which actually installs a trojan downloader. It pretends that the system is infected with a virus and offers to clean it for $49.99. Funny, isn't it?
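To make the domain-pool idea concrete, here is a toy model of a date-seeded domain generation scheme, written for this post and not Conficker's real algorithm (the hash, TLD list and label lengths are assumptions; only the 50,000/500 numbers come from the post). The point for defenders is the one that made sinkholing possible: because the pool depends only on the date, the whole day's list can be computed in advance and used as a blocklist or to flag DNS queries.

```python
import functools
import hashlib
import random

# Constructed parameters mirroring the numbers in the post; not Conficker's real scheme.
TLDS = ("com", "net", "org", "info", "biz")   # assumed TLD list
POOL_SIZE = 50_000   # candidate domains generated per day
PICK = 500           # domains one infected host actually tries


@functools.lru_cache(maxsize=8)
def daily_pool(day: str, seed: bytes = b"toy-dga") -> list:
    """Full candidate pool for `day` (ISO date string), derived only from the date.

    Every host computes the same list, and so can anyone who has reverse
    engineered the scheme; that is what lets defenders pre-register or
    sinkhole the day's domains before they are contacted.
    """
    pool = []
    for i in range(POOL_SIZE):
        digest = hashlib.sha256(seed + day.encode() + i.to_bytes(4, "big")).digest()
        length = 8 + digest[8] % 5                       # 8..12 letter labels
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        pool.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return pool


def contacted_subset(day: str, host_seed=None) -> list:
    """The PICK domains a single host would try on `day`; the choice is random
    per host, so different infected machines query different subsets."""
    rng = random.Random(host_seed)
    return rng.sample(daily_pool(day), PICK)


def blocklist_for(day: str) -> frozenset:
    """Defender view: the whole pool, pre-computed for blocking or sinkholing."""
    return frozenset(daily_pool(day))


def flag_queries(day: str, queries: list) -> list:
    """Detection view: return the queried names that fall in the day's pool."""
    pool = blocklist_for(day)
    hits = []
    for q in queries:
        name = q.lower().rstrip(".")   # normalise case and trailing dot
        if name in pool:
            hits.append(name)
    return hits
```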