First iPhone Worm Hits Australia with Pop Singer in Tow

Written By
Brian Prince
Nov 9, 2009

The first known worm for the Apple iPhone is sweeping across Australia, and it is taking advantage of default SSH passwords on jail-broken phones.

The attack vector is the same as the one exploited by a Dutch teenager last week in a brief extortion attempt. This time around, the mind behind the attack isn’t doing anything bad, unless you don’t like having English pop singer Rick Astley as your wallpaper.

Once installed, the worm, known as ikee, tries to find other vulnerable iPhones on the mobile phone network so it can propagate. On each installation, the worm changes the lock background wallpaper to an image of the 1980s singer with the message: ‘ikee is never going to give you up.’

“Ashley Towns, the author of the worm, says he personally infected 100 jail-broken iPhones,” said Graham Cluley, senior technology consultant at Sophos. “Those iPhones would then have tried to infect other jail-broken iPhones, and so on, and so on.”

The jail-broken iPhones impacted by the worm are running SSH with the iPhone’s default password. Last week, news reports surfaced that a Dutch attacker took advantage of the same condition, in combination with port scanning and OS fingerprinting, to find iPhones in T-Mobile’s 3G IP range, install backdoors on the phones and scare users into paying €5 (US$7.43) for instructions on how to thwart the attack.

Security vendor F-Secure reported that the latest attack scans a handful of IP ranges, mostly in Australia. As of Sunday, the company had no confirmed reports of the worm outside of Australia. The company noted that there are four variants of the worm, and that Towns has provided full source code for the malware. That means more variants could be forthcoming, and both Cluley and F-Secure agreed the next payload could be worse.

“We can only hold our breath and hope it doesn’t happen,” Cluley said. “Unfortunately the genie is out of the bottle as the worm’s code has been published on the Web. It would be relatively trivial for malicious hackers to adapt the code to make the worm more financially motivated rather than mischievous.”
