iPhone Viruses

A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, but you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using them on a non-approved network or running non-approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

  • Firstly, if you don’t jailbreak your phone you have nothing to worry about.
  • If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

Heath Ledger Malware

As always, whenever something becomes popular with the media, dozens of malware sites appear overnight promising to have interesting articles. Instead they link to malicious code that can end up being installed on your computer.

In short, if you search for Heath Ledger and end up at a website asking you to install “A new version of ActiveX Object”, close your web browser immediately.

A good anti-virus package will filter malicious web sites and help protect you.

Symbian Phones

There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS so you can’t really avoid receiving it. It consists of two parts:

  • An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
  • A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is there’s no picture or audio file attached, it’s a malicious program. The wording of the message is just a trick to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.
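The mismatch described above can be checked mechanically by comparing what an attachment's name claims with what its first bytes actually are. The following is an added example, not part of the original post; the function names and sample bytes are constructed for illustration, and the file signatures (JPEG, MP3, RealMedia, Symbian SIS installer) are general file-format facts rather than details from this page.

```python
import os
import struct

def _is_jpeg(d):
    return d[:3] == b"\xff\xd8\xff"

def _is_mp3(d):
    # Either an ID3 tag or an MPEG audio frame sync (11 set bits).
    return d[:3] == b"ID3" or (len(d) > 1 and d[0] == 0xFF and (d[1] & 0xE0) == 0xE0)

def _is_realmedia(d):
    return d[:4] == b".RMF"

CHECKS = {".jpg": _is_jpeg, ".jpeg": _is_jpeg, ".mp3": _is_mp3, ".rm": _is_realmedia}

def is_symbian_sis(d):
    """SIS installer: UID 0x10000419 at offset 8 (older format)
    or 0x10201A7A at offset 0 (Symbian OS 9.x format)."""
    if len(d) >= 12 and struct.unpack_from("<I", d, 8)[0] == 0x10000419:
        return True
    return len(d) >= 4 and struct.unpack_from("<I", d, 0)[0] == 0x10201A7A

def classify_attachment(name, data):
    """Compare the extension's promise with the file's real content."""
    ext = os.path.splitext(name.lower())[1]
    check = CHECKS.get(ext)
    if check is None:
        return "unknown-extension"
    if check(data):
        return "matches-extension"
    if is_symbian_sis(data):
        return "installer-disguised-as-media"
    return "content-mismatch"

# Constructed sample bytes (file headers only, not real attachments).
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
FAKE_JPEG = struct.pack("<IIII", 0x12345678, 0x1000006D, 0x10000419, 0) + b"\x00" * 16
NOT_MEDIA = b"MZ\x90\x00" + b"\x00" * 28

if __name__ == "__main__":
    print(classify_attachment("holiday.jpg", REAL_JPEG))
    print(classify_attachment("beauty.jpg", FAKE_JPEG))
    print(classify_attachment("love.rm", NOT_MEDIA))
```

A mail or MMS gateway can apply the same test before delivery and drop anything whose content does not match its name.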

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

  • LG – JoY
  • Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
  • Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
  • Panasonic – X800, X700
  • Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
  • Sendo – X
  • Siemens – SX1

Gameige.com has been compromised

Some pages on the website gameige.com have been compromised, using iframes to cause people’s browsers to download malware and steal information from the computer. This is a risk if your web browser loads ActiveX controls (such as Internet Explorer). Gameige.com is used by players of online games such as World of Warcraft.

The use of a good antivirus program that filters websites would help here. And hopefully by the time you read this the people supporting the site would have fixed it.

Top 20 Internet Security Risks

SANS is an organisation that does a lot of security research as well as other things, and they have a good reputation for their work. They’ve just published a report showing the top 20 internet security risks. They point out that social engineering is one of the biggest risks at the moment. Social engineering is the term used to describe how people effectively trick (or otherwise convince) others to provide sensitive details.

There’s a lot of detail in this report and it’s well worth reading. Below are a few bits of information from the report; it’s just not possible to summarise it all here. Have a read through it if you have time.

  • Web applications are vulnerable to being hacked and information misused or stolen.
  • People can be manipulated
  • The following applications are the most vulnerable:
    • Web Browsers
    • Office Software
    • Email Clients
    • Media Players
  • Unencrypted laptops risk the loss of large amounts of data
  • Instant messaging and peer-to-peer programs are a risk to businesses

The full report is here. It’s long and very detailed, and well worth your time in reading it.

Suspicious Websites

With apologies to all those who conduct legitimate activities on the following sites, I’d like to warn you about the current trend of malicious sites.

At the moment a lot of sites hosted on Geocities contain various bits of malware. So if you see a link anywhere (in an email, in a chat window, on another web page) that begins with geocities.com be very suspicious.

And secondly there’s been so much malware coming from Chinese web sites. So be cautious of any link that has .cn in the address.

The Popularity of Videos

Online videos are popular these days and as with anything popular scams are everywhere. The following two items take advantage of this popularity.

1. A movie called “Lust, Caution” has been attracting some attention lately. Some websites have been set up (in China) that promise the ability to download a bootleg copy of the movie. What the websites don’t point out is that the download is infected with a virus that steals your passwords.

So don’t try illegally obtaining copyrighted movies, and especially not this one.

2. YouTube Scams – An email has been doing the rounds containing an ad for a video supposedly hosted on YouTube. The email goes on to explain how the video is about two lovers, includes comments and reviews.

If someone were to click on the link in this email (a link that at first sight appears to point to YouTube) they’d be taken to a fake website made to look a little like YouTube. Then a message comes up saying that a new Flash player is required. Don’t install this player, it’s a virus. Pay close attention to links (URLs) in emails.
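Paying close attention to links can be automated: the check below reads an HTML email body and reports every link whose visible text names one site while the underlying address goes to another. It is an added example, not part of the original post; the function names and the sample message (including the `.invalid` and `.example` hosts) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")

class LinkCollector(HTMLParser):
    """Record (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def deceptive_links(html):
    """Return (visible text, real host) where the text names another site."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        for claimed in DOMAIN_RE.findall(text.lower()):
            if claimed.startswith("www."):
                claimed = claimed[4:]
            # Flag when the real host is neither the claimed site nor a subdomain of it.
            if host and host != claimed and not host.endswith("." + claimed):
                flagged.append((text, host))
                break
    return flagged

# Constructed sample e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>New video: <a href="http://www.youtube.com.video-player.invalid/watch?v=abc">http://www.youtube.com/watch?v=abc</a></p>
<p>Official: <a href="https://www.youtube.com/watch?v=xyz">youtube.com/watch?v=xyz</a></p>
<p><a href="http://news.example/story">Read the story</a></p>
"""

if __name__ == "__main__":
    for text, host in deceptive_links(SAMPLE_EMAIL):
        print(f"link shows {text!r} but goes to {host}")
```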

Laos Airlines Website

It used to be that your computer could become infected if you went to a pornographic or warez website (warez sites are where people can illegally obtain software cracks). While this is still true, “normal” websites can also be vulnerable these days.

The Laos Airlines website was hacked and some code was added at the bottom – malicious code that isn’t visible to the average person. If you visit their website (whether to look up travel information or to book a flight), your web browser will also try to load a web page (hosted in China) that will then try to install malware onto your computer.

The airline itself was a victim, and now that it’s been discovered and made public they’ll no doubt fix it. It’s certainly no reason not to travel to Laos or to use their airline. And the fact that the malicious code was hosted in China is an indicator that a lot of (black hat) hackers are setting up shop over there (until recently Russia was their country of choice to hide their malicious activities).
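Site owners can look for this kind of injection themselves. The check below covers both the gameige.com iframes and the invisible code added to the Laos Airlines pages, assuming the injected code takes the form of a hidden iframe that loads from another site. It is an added example, not part of the original post; the function names, host names and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    """True for width/height values of 0 or 1 pixel."""
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1

def is_hidden(attrs):
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return _tiny(attrs.get("width", "")) or _tiny(attrs.get("height", ""))

class IframeAuditor(HTMLParser):
    """Collect iframes that are invisible AND load from another site."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        if host and not same_site and is_hidden(a):
            self.findings.append(src)

def audit(html, page_host):
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: two legitimate frames, two injected hidden ones.
SAMPLE = """<html><body><h1>Flight schedules</h1>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="https://maps.partner.example/embed" width="600" height="400"></iframe>
<p>Contact us</p>
<iframe src="http://injected.invalid/x.htm" width="0" height="0"></iframe>
<iframe src="//injected.invalid/y.htm" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src in audit(SAMPLE, "airline.example"):
        print("hidden external iframe:", src)
```

Frames hidden through an external stylesheet or written into the page by script are not caught by this static check, so a clean result is not proof that a page is untouched.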

A couple of tips to avoid being a victim of crimes like this:

  • Use alternative web browsers whenever possible. Use Firefox or Opera instead of Internet Explorer.
  • Use a good antivirus program that monitors web browsing, and that constantly updates itself (these are usually not free, and it’s well worth paying their fee to keep you safe).

And keep reading as much as possible about online security. Education can only help you.

2 New Skype Related Warnings

There are two new warnings related to Skype today. In each case it’s not Skype that’s the problem, it’s just related to their service.

1. Some people have received a warning saying “Security Center has detected malware on your computer”. If you click on the links provided you’ll get a message telling you malware was found on your computer. It then asks you to pay money for an alleged program to clean it. If you see this, ignore it. It didn’t really scan your computer for viruses, and the money they ask for won’t really go towards anything good.

2. Some Skype users have received a message about finding a lost girl. Again this is a hoax and if you click on the links provided a web site will attempt to install a virus on your computer. Ignore it.

More details can be found at Skype’s security site.