Jailbroken iPhones targeted by new web worm

iPhones which have been 'jailbroken' - modified to run software or work on networks other than those enabled by Apple - are being specifically targeted by hackers.

The new bug - which follows hot on the heels of the first effective iPhone worm created by Aussie hacker 'Ikee' - is so far only hitting Netherlands users on jailbroken devices using a specific banking site.

Ikee's virus replaced wallpaper on Aussie iPhone users' jailbroken phones with a photo of 80s one hit wonder Rick Astley - an internet meme called Rickrolling - but shows just how quickly clever pieces of code can be modified to become truly malicious.

Sophos security blogger Graeme Cluely said: "Some may have thought that the Ikee iPhone worm was a one-off.

"Some people might have imagined that lightning wouldn't strike iPhones more than once - but they were wrong. And one thing is certain - you can be sure that if hackers find they can make money out of poorly-secured jailbroken iPhones, they will continue to attack them.

He says the new worm - dubbed 'Duh' after a section of its code - is capable of using iPhones as part of a botnet.

"It is much more serious than the original Ikee worm because it is not limited to infecting iPhone users in Australia, and communicates with an internet Control & Command centre, downloading new instructions - effectively turning your iPhone into part of a botnet."

The Duh worm relies on users having installed OpenSSH and not changing its default password from 'alpine".

Infected phones pointed at internet banking with Dutch online bank ING are currently being redirected to a fake banking site with a login screen designed to steal users' passwords.

ING has posted a warning on its website.

- NZ HERALD STAFF