Malware Rickrolls jailbroken iPhones



November 8th, 2009

Got a jailbroken iPhone? Then you need to read this:

The first worm targeting Apple’s iPhone is alive and spreading in the wild. But most iPhone owners need not worry about it.

The worm, known as Ikee, is, as worms go, pretty harmless: all it does is change the lock screen wallpaper to a picture of ’80s singer Rick Astley before looking for other devices to infect.

If you're running a jailbroken iPhone and you didn't change the root password from the default "alpine" (yes, the whole hacking world knows what it is), then you should change it now!

Here are instructions on how to remove the Ikee variants:

Variants A, B and C

  • Remove: /bin/poc-bbot
  • Remove: /bin/sshpass
  • Remove: /var/log/youcanbeclosertogod.jpg
  • Remove: /var/mobile/LockBackground.jpg
  • Remove: /System/Library/LaunchDaemons/com.ikey.bbot.plist
  • Remove: /var/lock/bbot.lock
  • Reboot the iPhone, reinstall SSH and change the default root password
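
A check to run before deleting anything, added here as an example and not part of the original post: it reports which of the files in the Variants A, B and C list above are actually present. The function names and the idea of scanning under a chosen root directory (the device's `/`, or a mounted or extracted copy of its filesystem) are assumptions of this example.

```shell
#!/bin/sh
# Paths copied from the "Variants A, B and C" removal list above.
IKEE_ABC_PATHS='/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock'

# ikee_hits ROOT: print every listed path that exists under ROOT.
# ROOT is "/" on the device itself, or the top of an extracted copy.
ikee_hits() {
    root=${1%/}
    printf '%s\n' "$IKEE_ABC_PATHS" | while IFS= read -r p; do
        # -L also catches a dangling symlink left at a listed path
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# ikee_scan ROOT: print a report; return 1 if any listed path exists, else 0.
ikee_scan() {
    hits=$(ikee_hits "$1")
    if [ -z "$hits" ]; then
        echo "No listed Ikee A/B/C files found under $1"
        return 0
    fi
    echo "Listed Ikee A/B/C files present under $1:"
    printf '%s\n' "$hits" | sed 's/^/  /'
    case $hits in
        /bin/sshpass)
            # sshpass is also a legitimate utility, so this path on its
            # own is weaker evidence than the worm-specific file names.
            echo "Note: only sshpass was found; check how it was installed." ;;
    esac
    return 1
}
```

On the phone, source the file as root and call `ikee_scan /`; a non-zero return means at least one listed file exists and the removal steps apply.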

Variant D

  • Remove: /usr/libexec/cydia/startup
  • Remove: /usr/libexec/cydia/startup.so
  • Remove: /usr/libexec/cydia/startup-helper
  • Remove: /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
  • Reinstall Cydia from the terminal as follows:
        su root
        alpine
        get-app remove cydia
        get-app install cydia
  • Reboot the iPhone and change the default root password

This entry was posted on Sunday, November 8th, 2009 at 22:27 and is filed under Stay Safe!