Apple has commented on the iPhone virus that is spreading at the moment, dubbed iBotnet.A.

Natalie Harrison, an Apple spokesperson said: “The worm affects only a very specific set of iPhone users who have jailbroken their iPhones and hacked it with unauthorized software. As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.”

The virus starts by sniffing for possible targets in the local network of the phone. If it finds a jailbroken iPhone with SSH installed and the default password ‘alpine’, it copies itself to the target phone. It changes the default SSH password form ‘alpine’ to ‘ohshit’, to prevent the user from changing it and securing the phone. After that it connects to a server in Lithuania, where it sends files harvested from the phone, and from where it can also download new files and data to update itself. The ability to download and execute files makes this worm very sophisticated. This makes it possible for the developer to turn the worm into a botnet-client, and use it for DDOS attacks.

The worm creates for itself an unique identifier, that it uses when it connects to the remote server. This is so that no-one else can connect to the server, but the worm itself. The last thing the worm does, is that it edits a file in /etc/hosts on the phone. If someone from the Netherlands after that tries to go to an online bank called IGN Direct with their iPhone, they will be taken to a bogus site that will most probably harvest their login user names and passwords.

If you have a jailbroken iPhone with SSH enabled, be sure to change the default password! This can be done by using an application called Mobile Terminal(or any other app that works as a terminal). Open it up and login as root (su root). After that you can change the password with the passwd command.

[via]