Tuesday, November 24, 2009

iPhone: New Worm STEALS Private Details!

Ikee's descendant is here with dangerous capabilities.  The worm, identified by F-Secure, is claimed to have botnet capability.  This new worm targets all jailbroken iPhones with OpenSSH installed.

What is a botnet?
Bot = robot & Net = network
A botnet (robot network) runs malicious software that automatically turns your computer into a bot controlled by a master computer.  Vulnerable computers are the main targets.

What can a botnet do?
A botnet can steal personal information without your knowledge.
This worm can steal all information, from text messages to all your bank details.

What should iPhone users do?
Change your SSH password from the default "alpine".  (Guide to change password)
Quote from ZDNetAsia
In a follow-up e-mail to ZDNet Asia, Ducklin said users should upon login check for a directory named "/private/var/mobile/home", which hosts the viral files. Files named "inst", "cydia.tgz", "duh", "sshd" and "syslog" ought to be removed to deactivate the malware, he said.

Saturday, November 21, 2009

Appulous/Installous Troll Bridge ANSWERS



Appulous/Installous, the world-renowned pirated apps site, has introduced a new feature, "The Troll Bridge." Looking for answers? Here they are...



  • Who am I? - Kyek 
  • Who was the cracker most credited with discovering the cracking method? – lsemtex 
  • Who was the admin of HakStore? – Labrat 
  • What is the name of Appulous' caching algorithm? – Recache 
  • Three people were responsible for posting a huge number of apps to Appulous before it was ever opened to the public. These people are most_uniQue, bugmenotaasdf, and who else? – Sonic 
  • This developer was the first to program a library for pulling all of the screenshots for an app out – Doosje 
  • What was the name of the short lived app on the Hackulo.us repo made to refresh your springboard cache? - Rebuild 
  • TDDebug made AppScene.org what it is today. Who runs it now? - Pondeuce 
  • I work for Apple's law firm and have been trying to get Appulous shut down since the beginning. I wish I was better at my job. What is my first and last name? - Ian Ramage 
  • The Appulous test servers, on which new backend code and server configs are tested semi-publicly before moving to production, are provided by what company? - Amazon 
  • Who leaked the original Crackulous source code? - Cdecl 
  • Who did Labrat attempt to con into writing a private Appulous clone for his website? (It wasn't Hover Dam.) - AndyDam 
  • Who was the first person to start mass-cracking "self-aware" apps? - Panik 
  • Who wrote the code that powered TheMonkeysBall.com? - wyze 
  • TheMonkeysBall.com was a two-man team Wyze and …….? - Scuzzy19 
  • I have two Hackulous accounts: My main one, and one I made just for fun. Which is the latter? - thepoet 
  • Before Genius' Hackulous tag said "Root Admin", what did it say? (Might have been even more fitting if he pulled a reverse Sosa.) (The background had 3 colors in it. It was all wavy-like.) (And astrally striped.) (Statistically, 20% of you see this background before 8am nearly every day.) (Ok seriously, if you know what the background is and you can't think of a title of authority that might go on top of that -- even without the reverse Sosa clue -- you need to re-enroll in kindergarten and start your life over. Because whoa, you took a wrong turn somewhere.) - President 
  • You ssh into your phone and need to make a symlink from "cow" to "chicken". Type the command. - ln -s cow chicken 
  • B00sted4fun's Russian repo was hosted by what company? - Dreamhost 
  • My name used to be Omgwtf. Who am I now? - SaladFork 
  • This site made a bad knockoff of Appulous to try to get hits, but ended up getting DDoSed until they took it down. It's ____________.com - Imodzone 
  • I posted a job on rent-a-coder for someone to make an Appulous knockoff for my site. Kyek accepted the job under another name and pwned me :(. But we're cool now. Who am I? - pr0x 
  • What German publication ran a two-page feature on Appulous in September? (It looks like a typo... but it's not!) - pc magazin 
  • They need to do way _________ mother. - instain 
  • You're connected to our IRC server. To join our room, what would you type? - /join #chatulous 
  • You ssh to your phone and decide to rename "Documents" to "Other crap". Type the command to do it, without using quotes. - mv Documents Other\ crap 
  • Kyek modified a Greasemonkey plugin to allow you to see if an Appulous IPA link was dead before you clicked it. The original plugin was the ________ Links Checker. - Cavern
  • Future new question - answer
Will update again soon...

iPhone: Change Root Password




Change the default root password from "alpine" after jailbreaking your iPhone to prevent infection with the ikee worm.

Follow the steps below:




  1. Launch MobileTerminal. Enter "login", then enter the login ID "root".
  2. Enter the default password "alpine".
  3. Enter "passwd" and change the password to one you prefer.  Confirm the new password.
  4. Repeat steps 1 to 3, but enter the login ID as "mobile".

    iPhone: Remove ikee worm

    Jailbroken iPhones are at risk of being infected with the ikee worm.


    Most people (like me) should be affected by the first 3 variants: A, B, C.


    Which variant do I have? If you can find the files listed under the 1st variant, then you have variant A, B, or C. Please make sure you have installed MobileTerminal on your iPhone before you start.

    1st Variant

    • Launch MobileTerminal. Log in as root with "su root" and the default password "alpine".
    • Enter each command below and press the return key after each line. Tip: commands are case-sensitive.
      • rm /bin/poc-bbot
      • rm /bin/sshpass
      • rm /var/log/youcanbeclosertogod.jpg
      • rm /var/mobile/LockBackground.jpg (or rm /var/mobile/Library/LockBackground.jpg)
      • rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
      • rm /var/lock/bbot.lock
    • Reboot the iPhone.
    • Change the password and reinstall OpenSSH.
    2nd Variant

    • Launch MobileTerminal. Log in as root with "su root" and the default password "alpine".
    • Enter the commands below and press the return key after each line. Tip: commands are case-sensitive.
      • rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
      • rm /usr/libexec/cydia/startup
      • rm /usr/libexec/cydia/startup-helper
      • rm /usr/libexec/cydia/startup.so
    • Reinstall Cydia with the commands below.
      • su root
      • Password: alpine
      • get-app remove cydia
      • get-app install cydia
    • Reboot iPhone. Now you should be worm-free....
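
Before deleting anything, it helps to see which of the listed paths actually exist. The script below is an added example, not part of the original posts: it only checks for the 1st-variant paths and for the files in "/private/var/mobile/home" from the ZDNet Asia quote, and a hit means the path exists, not that infection is proven. The function names and the optional root argument (for checking an extracted filesystem copy) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: read-only check for the paths
# the post names. It deletes nothing; a hit is a lead to inspect, not proof.

# Paths from the "1st Variant" list (variants A, B, C).
ABC_PATHS="/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/var/mobile/Library/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock"

# Directory and file names from the ZDNet Asia quote.
HOME_DIR="/private/var/mobile/home"
HOME_NAMES="inst cydia.tgz duh sshd syslog"

# list_hits ROOT: print every listed path that exists under ROOT.
# ROOT is an assumption of this example: empty for the live device, or the
# directory holding an extracted filesystem copy.
list_hits() {
    root=${1%/}
    printf '%s\n' "$ABC_PATHS" | while IFS= read -r p; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then printf 'ABC %s\n' "$p"; fi
    done
    for n in $HOME_NAMES; do
        if [ -e "$root$HOME_DIR/$n" ]; then printf 'HOME %s\n' "$HOME_DIR/$n"; fi
    done
}

# classify ROOT: one-word summary of which list(s) matched.
classify() {
    hits=$(list_hits "$1")
    abc=no; home=no
    case "$hits" in *"ABC "*) abc=yes ;; esac
    case "$hits" in *"HOME "*) home=yes ;; esac
    case "$abc$home" in
        yesyes) echo both ;;
        yesno)  echo variant-abc ;;
        noyes)  echo home-dir ;;
        *)      echo none ;;
    esac
}

# Report for the root given as the first argument (default: live filesystem).
list_hits "${1:-}"
echo "result: $(classify "${1:-}")"
```

The 2nd-variant paths are left out because the post gives them only as files to delete, not as a way to tell the variants apart.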