Network World

De-Worm Your iPhone

iPhone behaving badly? Here's how to find out if you've caught a worm--and how to get rid of it.
By Patrick Miller, PC World
November 23, 2009 06:52 PM ET

So you jailbroke your iPhone. Maybe you wanted to try out some of the third-party apps. Maybe you just wanted to tweak your interface. Either way, you did it without changing your root password. Now you're helplessly staring at a picture of Rick Astley, thanks to one of the new iPhone worms that are running wild--or worse, your personal information, including online banking data, could be compromised. Here's how you can figure out which worms your iPhone might have, get rid of them, and ensure that they don't come back.

The Diagnosis

As of this writing, there are three known worms out there for the iPhone: Ikee changes your wallpaper to Rick Astley, iPhone/Privacy.A pores over all your personal information, and the third, as-yet-unnamed worm copies your personal data and redirects online banking customers of a Dutch bank to a fake phishing website.

If your wallpaper has a picture of a dashing young man underneath the text "ikee is never gonna give you up", your iPhone is infected with the Ikee worm.

If your iPhone's battery life has been strangely short lately, your iPhone might have the third worm, which is constantly running a background process that attempts to spread itself to other vulnerable iPhones. Also, if you tried to change your root password and it didn't work, you most likely have this worm--it changes the default ssh password once it infects your iPhone.

iPhone/Privacy.A is the trickiest one to identify because it doesn't leave anything on the iPhone itself. Rather, it can be installed on a computer (a display model at a retail store, for example) and instructed to scan all available wireless networks for vulnerable iPhones. Your anti-virus software should catch it if it's on your computer, but you'll want to change the root password for your iPhone so it can't get in.

The Cure

Getting rid of the ikee worm is the least painful of the three.

Start by downloading the MobileTerminal app from Cydia and installing it on your iPhone if you don't already have it. Restart.

Open up the MobileTerminal app and log in under your root account (if you haven't changed the password yet, the login is "root" and the password is "alpine").

Use the following commands to delete these files. These commands are case-sensitive, so be careful.

    rm /bin/poc-bbot
    rm /bin/sshpass
    rm /var/log/youcanbeclosertogod.jpg
    rm /var/mobile/LockBackground.jpg
    rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
    rm /var/lock/bbot.lock

If that doesn't do it, an alternate version of the ikee worm requires you to remove these files instead.

    rm /usr/libexec/cydia/startup
    rm /usr/libexec/cydia/startup.so
    rm /usr/libexec/cydia/startup-helper
    rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

If you removed the above four files, you'll have to reinstall Cydia.
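Before deleting anything, it helps to see which of those files are actually on the phone. The script below is an added example, not part of the original article: it only reads the filesystem and reports which of the two file lists above have hits. The function names, the verdict words and the ROOT argument ("/" on the phone, or a folder holding a copy of its filesystem) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only check for the ikee files named in the article.

# Files the article lists for the first ikee variant.
IKEE_A="/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock"

# Files the article lists for the alternate variant. The article says that
# removing these means reinstalling Cydia, so a hit here calls for a closer
# look rather than proving infection on its own.
IKEE_B="/usr/libexec/cydia/startup
/usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist"

# count_present ROOT LIST: name each listed path that exists under ROOT on
# stderr and print how many were found on stdout.
count_present() {
    root=${1%/}          # "/" becomes "" so paths are not doubled up
    found=0
    for p in $2; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "found: $p" >&2
            found=$((found + 1))
        fi
    done
    echo "$found"
}

# ikee_verdict ROOT: print "ikee", "review-alternate" or "none".
ikee_verdict() {
    a=$(count_present "$1" "$IKEE_A")
    b=$(count_present "$1" "$IKEE_B")
    if [ "$a" -gt 0 ]; then echo "ikee"
    elif [ "$b" -gt 0 ]; then echo "review-alternate"
    else echo "none"
    fi
}

# Run as a script: sh check.sh /   (the file name is hypothetical)
if [ "$#" -gt 0 ]; then ikee_verdict "$1"; fi
```

A verdict of "none" only means none of the listed files were found; it says nothing about the other two worms described above.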

Users worried about iPhone/Privacy.A will need to rely on their antivirus software to catch it on their computers (Intego's VirusBarrier X5 will catch it for the Mac) but it's unclear if any of the big security software companies have addressed it yet.

For users infected with the third worm, there's no fix at present short of backing up your data and restoring your firmware to factory conditions.
