How to Remove the iPhone Worm

by on 11/23/2009 in iPhone Threats, Security

Our previous article titled “Jailbroken iPhones Targeted by New Worm“, highly recommends that all users change their default root password in order to prevent an attacker to take control over the iPhone.remove-iphone-worm

Users, who have a jailbroken device and are concerned about worms, should backup their data, and then restore the device to its factory settings.

This latest attack appears to be designed to create a botnet of iPhones — an army of hijacked iPhones under the control of remote hackers, according to Graham Cluley, a senior security consultant at Sophos.

“The hackers can then order the iPhones to do whatever they wish,” he explained. “For instance, they could be instructed to send spam, spread more Malware, or steal information. In this case the worm appears to be specifically trying to steal information from users of a Dutch bank.

How to remove the iPhoneOS.Ikee.B worm

1. Delete any of the following files if present:

  • /private/var/mobile/home/duh
  • /private/var/mobile/home/sshd
  • /private/var/mobile/home/heh
  • /private/var/mobile/home/.tmp
  • /private/var/mobile/home/syslog
  • /private/var/mobile/home/inst
  • /private/var/mobile/home/cydia.tgz
  • /private/var/mobile/home/adv-cmds_119-5_iphoneos-arm.deb
  • /private/var/mobile/home/sqlite3_3.5.9-9_iphoneos-arm.deb
  • /private/var/mobile/home/curl_7.19.4-6_iphoneos-arm.deb
  • /private/var/mobile/home/[random numeric digits]/info
  • /private/var/mobile/home/[random numeric digits]/sms.txt
  • /etc/rel

2. Reset the root password to something other than the default.

With the growing popularity of iPhone users, the likelihood of more attacks is eminent.

2 Responses to “How to Remove the iPhone Worm”

  1. junqin

    Nov 25th, 2009

    I have done up a full comprehensive write up on the removal methods. Steps are verified as i have gone through the entire process on my iPhone.

    goto: http://junqin1.blogspot.com/2009/11/ikee-iphone-worm.html

    • Frank J

      Nov 25th, 2009

      junqin,

      Thanks for the share. I am sure this will help others.