It didn't take long for hackers to take advantage of a potentially dangerous exploit affecting jailbroken iPhones. The vulnerability first gained notoriety earlier this month when a hacker from the Netherlands took control of modified iPhones and sent the owners an SMS requesting a fee for instructions on how to protect their device. He later backed down and posted the fix for free, but by then, the cat was out of the bag.
Fast forward a few weeks and we now have the first malicious worm making the rounds on jailbroken iPhones and iPod touch devices. According to reports, the worm uses command-and-control like a traditional PC botnet. It configures two startup scripts, one of which is used to execute the malicious worm during boot, and the other to make a connection to a Lithuanian server in order to upload stolen data and hand over control to the bot master.
The worm works by changing the root password from the default of "alpine" that Apple put in place in the factory firmware. It attacks IP ranges belonging to a wider range of ISPs, including UPC, Optus, and T-Mobile.
The recommended fix is to restore jailbroken iPhones to the current Apple-supplied firmware.