Apple iPhone Worm Giving Users A Taste Of 80’s Music. In An Annoying Way, Of Course!

Monday, November 9, 2009, 1:07 By Rajeev Saxena

Most jailbroken Apple iPhone users in Australia have been baffled ever since their phones’ wallpapers were mysteriously replaced with an image of Rick Astley, a pop singer from the 1980s. Reports of this weird worm first surfaced in Australia, and it has been spreading to other countries as well. The hacker, named ikee, who released the worm into the open leaves a message with the image on the iPhones saying, “ikee is never going to give you up.”

The ikee worm exploits the default password that is left unchanged after an iPhone is jailbroken and SSH is installed. The worm is self-replicating: it creates a copy of itself on every iPhone it infects, then looks for similarly unsecured iPhones over mobile networks and repeats the process again and again. One fact and word of caution that has emerged from this incident is that, regardless of how you jailbroke your iPhone, if you have SSH installed, it is imperative that you change the SSH passwords on your iPhone if you wish to avoid such mischief. The ikee worm is still spreading as of now, and users just have to wait and watch to see when the worm is deactivated or halts its invasion for good.

A blogger named JD has published a post carrying the transcript of a chat session with the creator of the ikee worm. The chat session took place in one of the channels of IRC (Internet Relay Chat). Here are some excerpts from the chat session:

“[09:02] <JD> Hi ikee :-) Thanks for joining me

[09:02] <ikee> nps

[09:03] <JD> Now, as you’re well aware, you wrote a virus that is infecting many iPhones in Australia. I guess the real question to start with is why?

[09:04] <ikee> First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it)

[09:05] <ikee> Secondly i was quite amazed by the number of people who didn’t RTFM and change their default passwords.

[09:07] <JD> How far did you expect it to spread, exactly?

[09:08] <ikee> Well i didn’t think that many people would have not changed their passwords I was expecting to see maybe 10~ or so people, at first I was not even going to add the replicate/worm code but it was a learning experience and i got a tad carried away :)

[09:11] <JD> Are you aware that it has even started to replicate itself overseas?

[09:13] <ikee> I heard a few stories about it, that would have been sheer luck, the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on.

[09:14] <ikee> (From another country)

[09:15] <JD> Well that was my next question: Why does it only seem to be hitting Optus here and Overseas (I was presuming from screenshots I’ve seen)… So you’re saying the Optus network is more vulnerable due to it not using NAT?

[09:17] <ikee> I don’t think it was an Optus fault (Being an Optus user I quite like the fact i can access my iPhone services from the outside world), I think it was mainly the fault of people being too lazy to change their passwords (It only takes a couple of seconds guys) and I hope this taught a few people that.

[09:18] <JD> So do you know exactly how many people are currently infected with the “ikee virus”?

[09:20] <ikee> I can only confirm how many my phone infected alone, which was 100+ phones. I think most of them fixed it (AND I’M HOPING THEY CHANGED THEIR PASSWORDS.)

[09:21] <JD> So your major defense seems to be that people left themselves vulnerable, Do you steal stuff from people’s houses if they leave the backdoor open?

[09:24] <ikee> I’ll answer your question with two questions, Have you ever used unprotected Wifi? and Technically I did not steal anything, have you ever littered on someone else’s property? (Smokers will definitely associate ;) )

[09:25] <JD> Ok, I suppose I can personally admit to both of them, but it seems a lot more to me like vandalism than littering, which isn’t something I would do

[09:27] <ikee> Personally I would class littering as vandalism (They definitely don’t want your rubbish there). I admit I probably pissed off a few people, but it was all in good fun (well ok for me anyway)

[09:30] <JD> So that explains why you decided to use Rick Astley. In my research, I’ve been reading about a similar virus (it seems) that contains a picture of an ‘asian child’ – I haven’t seen screenshots of this, but that’s how it is described. Are you also responsible for the “Asian Child virus”?

[09:32] <ikee> Ahh that was a quirk of my bad coding, the ‘virus’ itself has 4 variations and the first variation would resend its LockBackground.jpg to the victim. I did not comprehend that the infector might have not rebooted their phone after changing the LockBackground to something else (Causing them to send their changed lockbackground instead of Mr Astley)

[09:36] <JD> So it’s the same virus, but now containing a picture of someone’s loved one?”

Via TUAW & JD’s Thoughts On Everything.
