iPh/Duh-A

Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Characteristics	Drops more malware
Protection available since	24 November 2009 00:50:44 (GMT)
Last updated	24 November 2009 20:40:24 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

Since iPh/Duh-A can download additional code and commands, users are recommended to restore their iPhones from a last known-clean backup, or upgrade to the latest Apple firmware.

More Information

Summary
Action
More Information

iPh/Duh-A is a worm for jail-broken Apple iPhones.

iPh/Duh-A has the functionality to communicate with the remote server located at:
92.61.38.16

iPh/Duh-A can only affect jail-broken iPhones that have the root password 'alpine'.

Accounts with the password:
'alpine'
are patched to have the password:
'ohshit'

After infecting a system, iPh/Duh-A spreads by SCP'ing itself to jail-broken iPhones with the root password:
'alpine'

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

iPh/Duh-A

Summary

Action

More Information