To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://hardware.silicon.com/pdas/0,39024643,39169603,00.htm

First iPhone Trojan reported
…more 'prank' than 'threat'

By Tom Espiner

Published: Wednesday 09 January 2008

The first iPhone Trojan has been seen in the wild, according to security vendors.

The first warnings about the Trojan were posted on the iPhone modification forum ModMyiFone.com, said security vendor F-Secure. When installed, the Trojan appeared to do nothing more than display the word "shoes", according to the ModMyiFone post.

More on the iPhone

Follow the links for news, videos and pics of Apple's hotly anticipated iPhone…
News
♦  SAP backs iPhone with new software release
♦  iPhone too pricey for Brits?
♦  iPhone for business? Hang on...
♦ iPhone in the UK: Hands up who wants one?
Video
♦ Apple shows off iPhone apps
Photos
♦  Photos: Who's in the iPhone queue?
♦ Steve Jobs and the UK iPhone launch

However, when a user attempted to uninstall the malicious code, the application wiped files from the /bin directory, breaking 'Erica's Utilities' such as sendfile. Erica's Utilities are a collection of command-line utilities for the iPhone, according to security vendor Symantec, which warned that the Trojan also overwrites OpenSSH, an open-source encryption protocol.

The Trojan, known as 'iPhone firmware 1.1.3 prep', or '113 prep', is the first to be seen in the wild, according to Symantec researcher Orla Cox.

Cox wrote in a blog post: "This is technically the first Trojan horse seen for the iPhone; however, it does appear to be more of a prank than an actual threat. The impact of uninstalling the 'Trojan' would appear to be an unintended side effect."

Affected users need to uninstall the Trojan and reinstall affected files, according to Symantec. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline, wrote Cox.

Both Symantec and F-Secure warned users should be cautious when installing third-party iPhone applications. Apple warned in September last year that its own updates could break unlocked iPhones running unofficial iPhone software.