New jailbroken iPhone worm is malicious

The hacker should consider learning English Grammar.

I think some people here need a colonic or something. If someone asks how, why waste your time having a go at them? Do us all a favour and don't answer if you can't be arsed to tell them. This is an open comments section, not an elitist know it all kiss my own arse because I know and you don't flame section. If you can't be nice then keep your idiotic opinions to yourself.

On another note the main reason this is happening and shouldn't is because the carriers in these countries don't follow basic security protocols and allow incoming connections on port 22. O2 UK doesn't do this.

Nice image, Dave!

You know, I don't get it! What exactly are you guys getting out of jailbreaking the iPhone? Do you really need to tether? Do you really need to have video on your phone (for what 2 minutes max)? Do you really need MMS - even though Apple has given it to you finally?

Just what the heck are you getting out of doing this? I am all for experimenting, but it would seem to me that people are not being practical. It's become all about being the first one to hack a machine; making it do something it wasn't supposed to do; challenge the establishment.

But you know what they say, "It's all fun and games until someone gets hurt."
Don't blame Apple for "Alpine." Look at the Mirror!

Rick.

Per Jimbo's instructions on the last iphone worm post:

I don't know if this is useful to anyone but.
****How to change your root password ****
Assuming you have a Jailbroken iPhone
1. Install Open SSH via Cydia
2. Install Mobile Terminal via Cydia
3. Restart iPhone
4. Start Mobile Terminal and type "login root"
5. Enter default root password "alpine"
6. Enter "passwd" command hit return
7. Enter new password, confirm password.
8. Done, your phone is now safe.
Remember there are two passwords one for the mobile account and root account. You can change the mobile if you want also. if you want to do that just skip step 4 and continue with the rest. As you are already in the mobile account when you initially start Mobile Terminal.

source: http://www.tuaw.com/2009/11/03/dutch-hacker-accesses-jailbroken-iphones-requests-5/

Ok, one more time. JAILBREAKING ALONE DOES NOT MAKE THE IPHONE VULNERABLE. YOU HAVE TO INTENTIONALLY ENABLE SSH AND LEAVE THE PASSWORD UNCHANGED IN ORDER FOR THIS TO BE A THREAT.

Enough fucking fud, alright?

On the one hand, the jailbreak people should have done more to actively encourage users to change the password, such as making it a standard part of the pwnage app. On the other hand, given that these things can only spread via local networks, and given how few phones (relatively speaking) have been jailbroken, I don't see how even the vast majority of jailbreakers are in even the slightest danger. Apple et. al. love the story, since it makes the jailbreakers seem like everything they warned us about, but it's really not a significant real-world danger (even if it sucks should it happen to you).

There is a way easier way to do this that I posted on here a few weeks ago let me find and link to it.

@Oliverbender:

"Your [sic] kidding"

"there [sic] time"

What a maroon! What an ignoranimus!

Ditto @Dan Woods.

But at the end of the day, this is just a phishing scheme, is it not? It just loads up an ING Direct login screen, and changes the root password, from what I can gather.