Jailbroken iPhones create malware vulnerability

Jailbreaking, Infosecurity notes, circumvents the software restrictions Apple places on the iPhone (commonly described as digital rights management) so that the device can run a larger number of applications. The same change removes the code-signing checks that stop unapproved code from running, which is why a jailbroken device is easier for malware to infect.

Last year, the Ikee worm spread between jailbroken iPhones by logging in over SSH (Secure Shell): many users had installed an SSH server after jailbreaking and left the device's default root password unchanged, Fortinet said in a statement.

“Once an iPhone, or any device, has been ‘broken’, the door is open. The device may then execute code or function in a way it was not designed to do”, said Derek Manky, project manager of cyber security and threat research at Fortinet.

Separately, FortiGuard Labs detected a surge in Sasfis activity linked to the Asprox spambot, which had been silent for more than a year. The spambot was used for an email seeding campaign: the emails carried zipped executable attachments disguised as fax copies, and the attachment was a copy of Sasfis, which downloaded Asprox in order to send more spam from the infected machine.

FortiGuard Labs also observed the Sasfis variant downloading a sniffer module that inspects traffic on TCP ports 21, 25 and 110 (FTP, SMTP and POP3), all of which carry usernames and passwords in clear text unless TLS is in use.

“Traffic on these ports would be processed by the module into encrypted data sets and sent via HTTP POST to a command and control server located in Europe,” Manky said. “Stolen FTP credentials can be quite valuable and are often used to hijack Web servers. The variant was also observed downloading the TotalSecurity ransomware suite, which has been high on our malware radar for a number of weeks.”
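To make concrete what a credential sniffer on those three ports can recover, the following is an added example (not Fortinet's code and not the Sasfis module itself) that parses constructed client-to-server streams for FTP and POP3 USER/PASS commands and for SMTP AUTH LOGIN and AUTH PLAIN exchanges. The sample streams, port numbers and the `harvest` helper are assumptions made for the example; the point it shows is that base64 in SMTP authentication is an encoding, not encryption, so everything on these ports is readable to anyone on the path.

```python
import base64
import binascii
from dataclasses import dataclass

# Port -> protocol: the same three ports the sniffer module described above watched.
PROTOCOLS = {21: "FTP", 25: "SMTP", 110: "POP3"}

# Constructed sample client->server streams (not real captures), one per port.
SAMPLE_STREAMS = {
    21: b"USER webadmin\r\nPASS s3cret-ftp\r\nPWD\r\n",
    25: b"EHLO mail.example.test\r\nAUTH LOGIN\r\n"
        + base64.b64encode(b"alice@example.test") + b"\r\n"
        + base64.b64encode(b"Pa55word!") + b"\r\n",
    110: b"USER bob\r\nPASS hunter2\r\nSTAT\r\n",
}


@dataclass
class Credential:
    port: int
    protocol: str
    username: str
    password: str


def _b64(text):
    """Decode one base64 token, or return None if it is not valid base64."""
    try:
        return base64.b64decode(text, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None


def extract_credentials(port, payload):
    """Return the credentials visible in one client->server TCP stream.

    FTP and POP3 send USER/PASS as clear-text command lines.  SMTP AUTH LOGIN
    sends the username and password as separate base64 lines, and AUTH PLAIN
    sends "authzid\\0user\\0password" base64-encoded.  Both are recoverable.
    """
    proto = PROTOCOLS.get(port)
    if proto is None:
        return []
    lines = [ln for ln in payload.decode("latin-1").split("\r\n") if ln]
    found = []

    if proto in ("FTP", "POP3"):
        user = None
        for line in lines:
            cmd, _, arg = line.partition(" ")
            if cmd.upper() == "USER":
                user = arg
            elif cmd.upper() == "PASS" and user is not None:
                found.append(Credential(port, proto, user, arg))
                user = None
        return found

    i = 0
    while i < len(lines):
        parts = lines[i].split()
        mech = parts[1].upper() if len(parts) >= 2 and parts[0].upper() == "AUTH" else None
        if mech == "LOGIN":
            if len(parts) == 3 and i + 1 < len(lines):       # initial-response form
                user, pw, step = _b64(parts[2]), _b64(lines[i + 1]), 2
            elif len(parts) == 2 and i + 2 < len(lines):     # user and password follow
                user, pw, step = _b64(lines[i + 1]), _b64(lines[i + 2]), 3
            else:
                user, pw, step = None, None, 1
            if user is not None and pw is not None:
                found.append(Credential(port, proto, user, pw))
            i += step
            continue
        if mech == "PLAIN":
            if len(parts) == 3:                                # blob on the same line
                blob, step = parts[2], 1
            elif i + 1 < len(lines):                           # blob on the next line
                blob, step = lines[i + 1], 2
            else:
                blob, step = "", 1
            decoded = _b64(blob)
            fields = decoded.split("\x00") if decoded is not None else []
            if len(fields) == 3:
                found.append(Credential(port, proto, fields[1], fields[2]))
            i += step
            continue
        i += 1
    return found


def harvest(streams):
    """Run the extractor over every (port, stream) pair, as a sniffer would."""
    creds = []
    for port, payload in streams.items():
        creds.extend(extract_credentials(port, payload))
    return creds


if __name__ == "__main__":
    for c in harvest(SAMPLE_STREAMS):
        print(f"{c.protocol:5} port {c.port:3}: {c.username} / {c.password}")
```

The same logic, pointed at a packet capture instead of the constructed streams, is what an attacker's module or a defender's cleartext-credential audit would run; the mitigation on the server side is to require FTPS or SFTP and STARTTLS before AUTH, so that the payload on these ports is ciphertext rather than the command lines parsed here.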

Other vulnerabilities noted in the report include the following:

  • Two vulnerabilities were patched in Apple QuickTime on September 15, one of which was discovered by FortiGuard Labs. The other was a critical issue that allowed an attacker to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) by using QuickTime; Fortinet research has found in-the-wild Flash samples actively trying to exploit it.
  • Microsoft has issued security advisories for an Outlook Web Access privilege elevation vulnerability and for an ASP.NET vulnerability that could enable information disclosure.
  • Adobe has issued two zero-day security advisories, one for Adobe Reader/Acrobat and one for Flash Player.

The full report is available at Fortinet’s website.
