The malicious package, called “iPhone firmware 1.1.3 prep” by its creator, was first reported Saturday on blogs, purporting to be “an important system update," according to researchers at Symantec Security Response.
The trojan is harmful to the iPhone only in that it overwrites applications such as “Erica's utilities,” a collection of command-line utilities for the mobile device, and OpenSSH. When an iPhone user deletes the faux firmware package, those applications are also removed, researcher Orla Cox said today on the Symantec Security Response blog.
"This is technically the first trojan seen for the iPhone," said Cox. "However, it does appear to be more of a prank than an actual threat. The risk to users is minimal as they would have to choose to install the bogus package, and the site that was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones.”
An Apple representative could not be immediately reached for comment.
Despite its popularity, the iPhone has not been the target of a significant attack. However, a group of researchers at Independent Security Evaluators in June disclosed that the device is susceptible to a buffer overflow attack that could permit attackers to inject malicious code to steal personal information.
Kevin Haley, group product manager at Symantec Security Response, told SCMagazineUS.com today that while this trojan is relatively harmless to the iPhone, more harmful malware is sure to follow.
“If there is enough of a mass of users, so much that the bad guys can exploit it - and certainly the iPhone is a very popular phone – and if there's the ability to write malware for it, then it will likely happen,” he said.
First iPhone trojan more prank than malware
By Frank Washkuch on Jan 9, 2008 1:06PM