iPhone worm code suggests mobile botnets may be future risk
Security researchers have analyzed the code and design of recently discovered malware that targeted jailbroken iPhones. The code exists as a proof of concept that smartphones could easily be turned into a mobile botnet capable of stealing sensitive personal data.
So far, what little malware has been released for the iPhone has only affected the small percentage of folks who jailbreak and leave an SSH daemon running with the default root passwords. While some of these programs have been nothing but harmless pranks, a malicious version that attempted to create an iPhone botnet has been analyzed by researchers, leading them to conclude that mobile phones could quickly become a major target for malware writers.
The worms all started when a Dutch hacker decided to use port scanning to find iPhones with open SSH ports and default root passwords. He wrote a little program that would change the wallpaper to look as though a somewhat official-looking warning box had opened, which warned the user about running open SSH ports with default passwords. An Australian hacker then used the technique to create a worm that was self-replicating.
Read more: arstechnica.com