Monday, April 25, 2011

How to Fix the iPhone Worm

If your iPhone is jailbroken and you see the image below as your home screen, it is time to tighten your security and fix your worm-affected iPhone.


A hacker named ikex has created what’s apparently the first iPhone worm, and it’s currently infecting jailbroken iPhones across Australia. The “ikee” worm, as it’s being called, takes advantage of the fact that jailbroken iPhones with SSH installed all have the same default root password of “alpine,” and once in the system it changes your wallpaper to an image of Rick Astley and then tries to install itself on other jailbroken iPhones on the network. On the top of the screen it says “ikee is never going to give you up”. If you have been affected, luckily there is no harm done as this virus was more of an experiment than anything else.
Once an iPhone has been infected by ikee, it automatically starts searching for other iPhones on the cellular network that use the root:alpine username/password combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again, and this goes on like a nuclear chain reaction. The ikee virus will disable SSH access on your iPhone and will change the background image to that of “Rick Astley”, as can be seen in the screenshot above.
To protect your jailbroken iPhone or iPod touch from an ikee virus attack or any similar attack in the future, you must change your default SSH password now.

How to Change Default SSH Password and Fix ikee Virus on iPhone?


2. Start the MobileTerminal app and type the following command to change the root password:

login

Press enter. And then type

root

as your login and ‘alpine’ as your current root password.
After logging in, type

passwd

Press enter.



3. It will now prompt you to enter a new password twice. Enter your desired new password, then enter it again to confirm.

Now it should all be fine.

The next step is to delete the virus files. There are two methods to delete them:
M1. Delete the files over SSH
M2. (Recommended) Delete the files via iPhone Explorer


Download iPhone Explorer for Windows
Download iPhone Explorer for Mac

Run iPhone Explorer, click CHANGE ROOT DIRECTORY, then click REAL IPHONE ROOT DIRECTORY (ADVANCED USERS). You can now see all the directories.
3. Delete the following files:
(1). /var/mobile/Library/LockBackground.jpg
(2). /System/Library/LaunchDaemons/com.ikey.bbot.plist
(3). /bin/poc-bbot
(4). /bin/sshpass
(5). /var/log/youcanbeclosertogod.jpg
 
4. After deleting the files, reset your wallpaper and reboot the iPhone. Done!!!
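
The file check and deletion from step 3 can also be done as a small shell script, for method M1 or against a copy of the phone's filesystem. This is an added example, not part of the original post: the five paths are the ones listed above, and the function names (ikee_found, ikee_check, ikee_clean) are made up for the sketch.

```shell
#!/bin/sh
# Added example (not from the original post). The paths are the five files
# the post lists; the function names are hypothetical.
IKEE_FILES='/var/mobile/Library/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg'

# Print every listed file that exists under ROOT (default: /), one per line.
ikee_found() {
    ikee_root=${1:-/}
    ikee_root=${ikee_root%/}      # "/" becomes "", "/mnt/fs/" becomes "/mnt/fs"
    printf '%s\n' "$IKEE_FILES" | while IFS= read -r ikee_f; do
        # -L also catches a dangling symlink, which -e alone would miss
        if [ -e "$ikee_root$ikee_f" ] || [ -L "$ikee_root$ikee_f" ]; then
            printf '%s\n' "$ikee_f"
        fi
    done
}

# Return 0 when none of the files are present, 1 otherwise (list on stderr).
ikee_check() {
    ikee_hits=$(ikee_found "${1:-/}")
    if [ -z "$ikee_hits" ]; then
        return 0
    fi
    printf 'still present under %s:\n%s\n' "${1:-/}" "$ikee_hits" >&2
    return 1
}

# Delete the listed files under ROOT, then re-check so a failed delete shows up.
ikee_clean() {
    ikee_croot=${1:-/}
    ikee_croot=${ikee_croot%/}
    ikee_found "$1" | while IFS= read -r ikee_f; do
        rm -f -- "$ikee_croot$ikee_f"
    done
    ikee_check "$1"
}

# Usage on the device, as root:  ikee_check /   then   ikee_clean /
```

Change the root password first, as described above, so the phone cannot simply be reinfected after the files are removed.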