Blog: Worm

There is a new iPhone worm that uses the insecure SSH service installed on jailbroken iPhones.  Last week, there was discussion about an attack on iPhone users in the Netherlands where the attackers demanded owners pay 5 EUR to get rid of the Trojan.

"Jailbroken" (or hacked) iPhones or iPod Touch devices are devices where users have bypassed Apple's official distribution and are running unofficial code.  Once an iPhone or iPod Touch is jailbroken, users can use unofficial installers such as Cydia or Rock App to download various applications previously unavailable through Apple's App Store.

To learn more, visit http://isc.sans.org/diary.html?storyid=7549


 

About 2 weeks ago a new botnet worm called "psyb0t" was discovered, according to a DroneBL blog post (http://www.dronebl.org/blog/8).  This worm appears to be the first botnet worm to specifically target routers and DSL modems.  It is believed the worm has been active since at least January, and it is estimated that more than 100,000 hosts have been infected so far.  The worm was first discovered by DroneBL as part of an investigation into the DDoS attacks against DroneBL's infrastructure.  A few of the malicious things the worm is designed to do: harvest account information (usernames and passwords) through deep packet inspection, attempt to brute-force accounts, and scan for exploitable phpMyAdmin and MySQL servers.